vSphere 5 Video Series - VMware vSphere 5.0 Auto Deploy

Happy Holidays! This video is a continuation of my vSphere 5 Video Series. In it I cover how to properly leverage VMware vSphere 5.0 Auto Deploy to automatically deploy ESXi hosts in your infrastructure. Auto Deploy is a new feature found in the Enterprise Plus edition of vSphere 5 that allows administrators to deploy stateless images via gPXE directly to the RAM of the host. That’s right, ESXi hosts do not require a local HDD/USB/SDCARD to operate as they can simply download their image and configuration (via Host Profile) into RAM and automatically be placed in their correct vCenter Server datacenter/cluster or folder.


As shown above, PowerCLI is used to create an ESXi Image Profile. This image includes the base ESXi installation as well as any additional drivers, third-party integrations or plug-ins that you would like to include. That Image Profile is then attached to a Deployment Rule that is also created within PowerCLI. The deployment rule dictates what Image Profile is to be used, what host(s) are tied to the deployment rule and some other configuration specifics, such as which Host Profile to attach after the host has been added to vCenter as well as which vCenter DC/Cluster/Folder to add the host to. For example, you can leverage the same Image Profile but have different Deployment Rules based on DRS Cluster.

For those of you that would like to know a little more about how Auto Deploy functions under the covers, there are basically five core components when it comes to Auto Deploy. There is the actual Auto Deploy server (1) which is essentially a web server that pushes an ESXi Image Profile to the server, this is driven by the Rules Engine (2) which is accessed/configured via PowerCLI along with the Image Builder. There is a requirement for a TFTP Server (3) which will store the gPXE bootloader (4) and push it to potential ESXi hosts that are led to it by a DHCP Server (5). Once gPXE is booted it is notified to grab the ESXi Image and Configuration from the Auto Deploy server.

In the video I cover everything that is needed for Auto Deploy to work, including the installation of vCenter Server and the associated Auto Deploy service as well as PowerCLI and creation of the Image Profile and Deployment Rule. By the end of the video you should have a firm understanding of how to leverage Auto Deploy in your environment to its full potential. I even include steps on how to slipstream third-party vendor packages into your ESXi Image Profile, including EMC PowerPath/VE, the VMware vCloud Director agent and the VMware Fault Domain Manager agent (vmware-fdm), which is required for VMware HA to properly function.

For reference, the EMC PowerPath/VE 5.7 vibs can be downloaded from EMC Powerlink, the VMware vCloud Director agent can be copied from your vCloud Director server from the /opt/vmware/vcloud-director/agent folder and the vmware-fdm agent can be grabbed directly from the vCenter Server by adding http://<vcenter-server>/vSphere-HA-depot as an esxsoftwaredepot in PowerCLI.


Posted under vCenter, vSphere

This post was written by Rick Scherer on December 27, 2011


vSphere 5 Video Series - Install vCenter 5.0 in Around 5 Minutes

In this video we’re going to cover the installation, configuration and usage of the VMware vCenter 5.0 Server Appliance (vCSA). The vCSA is a brand new production ready Virtual Appliance that allows you to stand up vCenter Server in literally a few minutes. Once you watch the video you’re going to be like, “Hey Rick, that was more than 5 minutes!”.  For that I do apologize, but when you do watch it you will realize we’re doing a lot more than just installing vCenter 5.0.

First a little disclaimer. vCSA is not for everyone, but in my opinion it should definitely be looked at and should be leveraged wherever it can. vCSA is obviously the direction of where the vCenter Server product is going and hopefully relatively soon it should be at par with its Windows based big brother.

So, why isn’t it for everyone?

As of right now it does not have support for integration with VMware Update Manager (VUM), VMware vCenter Linked-Mode, VMware vSphere Storage Appliance (vSA), VMware vCenter Heartbeat and VMware View Composer. Another concern you may have is that its embedded database option (based on DB2) is limited to 5 Hosts and 50 Virtual Machines. Think of the embedded option as similar to the SQL Express Option in vCenter Server for Windows: great for POC, Demo, Test and extremely small SMB situations, but not practical for production. The final nail in the coffin might be that it only supports Oracle to offer external DB functionality.

Some of those constraints are not going to be avoidable, for example if you require more than 1,000 hosts or 10,000 powered on virtual machines you’re obviously going to need Linked-Mode and the Windows based vCenter Server. If you’re looking to deploy a VDI solution based on VMware View, you’re going to need the Windows based vCenter Server as well. But, if you’re like the majority of VMware vSphere customers, have less than 1,000 hosts, are confident in VMware DRS and HA to protect your vCSA and are OK with the fact that you need Oracle for the external database (which you can virtualize as well)….the vCSA might be for you!

One last thing I wanted to comment on was VMware Update Manager, in my opinion the lack of VUM support for the vCSA might not be that big of an issue, and here’s why; With the introduction of vSphere 5.0, VMware also introduced a few new features, Auto Deploy and Image Builder. These features tied together with Host Profiles truly enable the concept of stateless ESXi. My thought is, if you need to update your ESXi host, simply update the Auto Deploy rule and reboot the machine. Upon the next boot it will automatically be updated and configured properly.  Obviously VUM does a lot more than just ESXi patching, but again, for the majority of vSphere customers they’d be just fine with Auto Deploy.

So have a view of this video to see just how easy it is. I have sped up some portions of the video, specifically the loading of the vSphere Client as well as the deployment of the vCSA OVF template. Also, I suggest watching the video in full-screen mode by clicking the icon on the bottom right of the video. If for whatever reason the video isn’t displaying, you can also use the following link to view; http://youtu.be/o2f1b1vYSis

Posted under vCenter, vSphere

vSphere 5 Video Series - Installing ESXi 5.0 in Under 5 Minutes

This is going to be the first of many in my vSphere 5 Video Series where I’ll cover the basics to getting vSphere 5.0 installed, configured and operating. In this video see just how easy it is to do a bare-metal installation of ESXi 5.0. Out of all of the install and upgrade options available for vSphere 5.0 this by far is the easiest and cleanest method in my opinion.

Upgrading can be extremely easy as well, by leveraging VMware Update Manager (VUM) it allows existing configurations to be migrated and will even allow you to migrate from ESX to ESXi. One thing to keep in mind when doing a migration with VUM from vSphere 4 to vSphere 5 is that if you are using the ESX edition of vSphere 4 and have custom scripts, agents or modules loaded into ESX those will not be migrated into ESXi 5.0.

Whatever your situation might be, my recommendation has always been to do a fresh installation of ESXi then leverage Host Profiles to push the configuration to the host. Even if you’re not an Enterprise Plus customer you can still get all of the benefits, like Host Profiles, free for 60 days by simply not licensing the product. Remember, you must license before the 60 days are up to avoid any service disruption.

Another great feature of vSphere 5 is Image Builder and Auto Deploy, I’ll cover Auto Deploy into more detail later, but with Image Builder you can build custom ESXi builds that include third party drivers and other custom data. Don’t worry though, you can still do custom installations with kickstart if you’d like, but after you see Auto Deploy you’re not going to want to.

So have a view of this video to see just how easy it is. I have sped up some portions of the video, specifically the blade server booting, the hardware discovery process and the actual installation portion. Also, I suggest watching the video in full-screen mode by clicking the icon on the bottom right of the video. If for whatever reason the video isn’t displaying, you can use the following link to view; http://youtu.be/aN9mc9YNiC0

Posted under vSphere

This post was written by Rick Scherer on October 10, 2011


vmware 2011 Mega Launch

It is 9am Pacific Time on Tuesday, July 12th 2011 and I sure hope you’re tuned into the vmware Mega Launch so greatly titled “Raising the Bar, Part V”. If you’re not watching the live broadcast, stop right here and tune into it by clicking this link, then come back and read this post.

Spoiler alert… reading beyond this point talks about amazing updates and new features from vmware!

This by far has to be the most exciting launch in the history of vmware, not only are we getting an update to the vSphere product suite that has hundreds if not thousands of enhancements and new features, we’re also getting updates to other great products like vCloud Director, vShield and SRM.

In fact, there are so many changes and so many great new things to talk about that I can’t do it all in one post. So I’ve decided that I will need to break these up into multiple posts, each with deep detail. I’ll release these posts as quickly as I can write them, but until I have them completed I want to provide you with some of the great core details from this mega launch.

So first off get ready for another new term from vmware, Cloud Infrastructure and Management. To sum it up, CIM basically includes vSphere (ESXi), vCenter, vShield and vCloud Director as a single package/methodology called CIM. These are all of the building blocks necessary to build a robust, elastic and efficient hybrid cloud. I have a feeling we’re going to hear a lot about how vSphere 5 along with the other above-mentioned products are the industry-best pieces for running a Cloud Infrastructure.

On a side tangent, there is so much discussion on the cloud you wouldn’t believe it. On an almost daily basis I’m meeting with customers to discuss their “Cloud Strategy”. Customers want Hybrid Cloud computing and with these latest updates that I’m going to discuss I think we’re finally at a place where we truly can have application and data mobility, moving our workloads fluidly across our own data-centers in an automated load balanced fashion, from compute to now storage, as well as being pushed out to external hosting (cloud) providers for extreme elasticity as well as fault tolerant (BC/DR) infrastructure.

Ok, so let’s get started on all of these updates!

vSphere 5 (including ESXi 5.0)
First off, everyone should already know but if you do not, there is no longer Classic ESX with the traditional Service Console. vmware stated that version 4.1 would be their last release of the Classic ESX install and now with version 5.0 there is only ESXi.

Performance - There have been a number of enhancements to the core vmware enterprise hypervisor. In this latest release we’ll see huge performance improvements to the vmkernel as well as in Virtual Machine density. ESXi hosts can support up to 512 virtual machines on 160 logical CPUs with up to 2TB of RAM, while Virtual Machines can now scale to 32 vCPUs with 1000GB of Memory and have been tested to push 1,000,000 IOPs. What this basically means is there shouldn’t be any performance related reason why you cannot virtualize any workload. The most demanding workloads are being virtualized such as Oracle RAC, Microsoft SQL, SAP and Exchange 2010.

Image Builder - this is a new utility built upon PowerCLI that allows you to create custom ESXi builds, it allows you to inject ESXi VIBs, Driver VIBs and OEM VIBs to create an installable or PXE boot-able (I’ll explain why shortly) ESXi image. If you’re unaware of what a VIB is, it stands for vmware Infrastructure Bundle and you can think of it almost as a RPM bundle.

Auto Deploy - Think UCS Service Profile but at the O/S level. There isn’t any hardware abstraction for moving an existing ESXi image between different hardware, but with Auto Deploy you can quickly and easily create stateless ESXi servers with no disk dependency. To sum it up, you PXE boot your server, the ESXi image is loaded into host memory from the Auto Deploy server, its configuration is applied using an answer file as well as host profile and that host is then connected/placed into vCenter. Hose something? A simple reboot will give you a fresh ESXi image in a matter of minutes. Need to expand your cluster? Bring up another host and add it to the cluster within minutes.

vCenter Virtual Appliance (VCVA) - Whoo Hoo! Looks like that Tech Preview of vCenter Server on Linux finally hit GA! vmware has released with vSphere 5 a virtual appliance of vCenter Server that is based on Linux! This also includes a feature rich browser based vSphere Client completely built on Adobe Flex, this is not a replacement for the traditional installed vSphere Client but it is a nice move forward in vSphere management. Ahhh, do you remember the MUI? :)

High Availability (HA) Completely Rewritten - Way too much to discuss here, but a complete rewrite to the core HA functionality has happened. HA can now leverage multiple communication paths between agents (referred to as FDM or Fault Domain Manager) including network and storage (datastore). HA agents no longer use a Primary/Secondary methodology; during cluster creation a single Master is chosen and each remaining host is a Slave.

VMFS5 - Oh my! 64TB datastores anyone with a single easy to use 1M block size? You got it! Along with VAAI 2.0 which includes two new block primitives, Thin Provision Stun (finally!) and Space Reclaim. NFS also doesn’t need to feel left out because we now have Full Clone, Extended Stats and Space Reservation for NFS datastores. We also have a new API called VASA, vStorage APIs for Storage Awareness which will provide a number of enhancements such as profile-driven storage (think EMC FAST-VP being integrated with vSphere). Quickly back to VAAI 2.0, Thin Provision Stun will protect your virtual machines if your datastore runs out of space and Space Reclaim will use SCSI UNMAP instead of WRITE ZERO to remove space, this will allow the array to release those blocks of data back to the free pool.

Storage DRS (SDRS) - DRS load balancing Virtual Machines across hosts is to SDRS performing Storage vMotion on VMDKs for better performance, capacity utilization, etc. This also includes initial placement as well as allowing affinity based rules for VMDKs. SDRS can monitor for capacity utilization as well as I/O metrics (latency) and dynamically balance your VMDKs across multiple datastores.

Storage vMotion - Snapshot support! As well as being able to move around Linked Clones. There have also been some core enhancements to make things faster and more consistent.

vSphere Storage Appliance (VSA) - It is what it sounds like, a virtual storage appliance that allows SMB customers to use local disk on the ESXi host presented out as an NFS datastore to the vSphere Cluster. There is replication technology behind it so if you do lose an ESXi host you will not lose data nor will you lose connectivity to your virtual machines. This is meant for up to 3 ESXi hosts and is really tailored for the SMB or ROBO market.

There is so much more in vSphere 5, but like I said I wanted to just give a brief overview at this time.

Site Recovery Manager 5
Host Based Replication - New feature within SRM5, no longer is SAN storage/replication required for SRM. You can now replicate your data host based for disaster recovery scenarios in your virtual environment. Key takeaways: replication between heterogeneous datastores, and it is managed as a property of the virtual machine. Powered-off VMs are not replicated, non-critical data (logs, etc) are not replicated. Physical RDMs are not supported. Snapshots work, the snapshot is replicated, but the VM is recovered with collapsed snapshots. Fault Tolerant, Linked Clones and VM Templates are not supported.

Automated Failback - Replication is automatically reversed and with a single click you can failback your virtual machines from your disaster site to your production site. This is huge! You have no idea how much of a pain it is to failback a site with SRM, unless you’re using the EMC plug-in :)

Misc - Completely new interface, still within the vSphere Client as a plug-in but now you can manage it all from a single UI, no need to use two clients or a linked mode vCenter.

vCloud Director 1.5
Tons of new APIs within vCloud Director 1.5, including vCloud Orchestration via a vCenter Orchestrator module. Support for Linked Clones is a huge leap forward, you can now deploy vApps in a matter of seconds with minimal storage consumption. Microsoft SQL is now supported as a back-end database which will make standing up a vCD instance in your lab a lot easier because you won’t need to worry about an Oracle database :). There is also support for federated multi-vClouds by linking vCD instances as well as enhanced vShield integration specifically around IPSec VPN.

Are you still awake? 1170+ words into this post and I’m still not complete….and this is just the brief overview! Whew!!  vmware you really outdid yourself!

vShield 5
vShield Edge - provides us with true multi-tenant site separation complete with VPN capabilities, DHCP, Stateful Firewall and now Static Routing within vShield Edge 5.0.

vShield App - gives us layer2/3 protection with VM-level enforcement now with group based policies found in vShield App 5.0 as well as enabling multiple trust zones on the same vSphere cluster. Layer 2 protection coupled with APIs enable automatic quarantining of compromised VMs.

vShield Data Security - is a new member of the vShield family that allows you to monitor virtual machines continuously and completely transparent to the VM for compliance such as PCI, PHI, PII and HIPAA to name a few.

vShield Manager - Enterprise roles found in Manager 5.0 now provide the separation of duties required by some security and compliance standards.

So there you have it…. a brief 1706 word blog post covering just the high-level details of the vmware mega launch. Like I said earlier, I’m going to try to focus in on some deep-dive details on some of the major topics above. But until then, read up as much as you can on the vmware website and hopefully relatively soon the bits will be available for public consumption so you can get all of this great fresh new code in your lab!

Posted under Cloud, SRM, Security, Storage, VMware HA, vCenter, vSphere

This post was written by Rick Scherer on July 12, 2011


VAAI Train Running Late Today

Another one of those posts today that most likely will not affect most, however there is a known issue with the vStorage APIs for Array Integration (VAAI) mixed together with EMC VMAX Storage Arrays. My best bud, Chad Sakac, wrote about this last week (over here).

Long story short, if you’re running a VMAX with Enginuity 5875.135.91 or 5875.139.93 along with ESX(i) 4.1 hosts you may see some slowness when trying to do things like Storage vMotion, Deploy from Template, etc…basically things that leverage HardwareAcceleratedMove.

So how do you fix it?  First thing is you need to disable HardwareAcceleratedMove, instructions on how to do this can be found in VMware KB1033665. Next thing is to contact EMC Support and have the ePack that engineering released for this problem installed on your VMAX. Then finally, contact VMware support for their hotfix…rumor has it that a VMware support bundle should be released sometime soon. After you have the patch for VMAX as well as vSphere you should have no problem turning HardwareAcceleratedMove back on.

So to wrap this up….VAAI issue when mixed with VMAX, but it doesn’t affect all VAAI functionality, just XCOPY (HardwareAcceleratedMove) and even then it doesn’t affect every single operation. Get the patches, get them installed and get back on schedule!

Posted under Storage, vSphere

This post was written by Rick Scherer on June 14, 2011


vSphere Doesn’t Like OVF with SCSI ID of X:15

In a very random situation that most customers probably wouldn’t even encounter, we’ve come across a bug while importing an OVF that has a VMDK with a SCSI Address of X:15 (ie: SCSI 0:15, SCSI 1:15, etc). It appears that vSphere doesn’t take kindly to virtual machines being imported that have virtual disks addressed as X:15 and will issue the fatal error “Unsupported value ‘15’ for element ‘addressOnParent’”. I’ve tested this with different SCSI Adapters thinking it was perhaps tied to LSI Parallel; this was not the case as it failed with all other adapters.

This issue actually came up initially while attempting to import an OVF into a Catalog within vCloud Director. A similar error appears stating “The following error was encountered while processing the OVF file you provided: Unsupported value ‘15’ for element ‘addressOnParent’.”

You can see the offending line within the actual OVF file shown below, this is tied back to the actual VMDK and what SCSI Bus it resides on, as shown in the picture below the OVF file.

I’ve raised the question to VMware Engineering and will hopefully be able to post their response to this issue shortly.
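A pre-import check for the condition described in this post, as an added example that is not part of the original post: it lists every virtual disk in an OVF descriptor that sits at AddressOnParent 15 on a SCSI controller. The sample descriptor is constructed and trimmed to the hardware items, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "ovf": "http://schemas.dmtf.org/ovf/envelope/1",
    "rasd": "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/"
            "CIM_ResourceAllocationSettingData",
}
SCSI_CONTROLLER = "6"   # CIM ResourceType used for SCSI controllers
DISK_DRIVE = "17"       # CIM ResourceType used for virtual disks


def text_of(item, tag):
    """Return the stripped text of a rasd:<tag> child, or None if absent."""
    node = item.find(f"rasd:{tag}", NS)
    return node.text.strip() if node is not None and node.text else None


def find_disks_at_unit(ovf_xml, unit="15"):
    """Return [(disk name, 'SCSI bus:unit')] for SCSI disks at the given unit."""
    root = ET.fromstring(ovf_xml)
    items = root.findall(".//ovf:VirtualHardwareSection/ovf:Item", NS)
    # Map controller InstanceID -> bus number (rasd:Address).
    controllers = {
        text_of(i, "InstanceID"): text_of(i, "Address") or "?"
        for i in items
        if text_of(i, "ResourceType") == SCSI_CONTROLLER
    }
    findings = []
    for i in items:
        if text_of(i, "ResourceType") != DISK_DRIVE:
            continue
        if text_of(i, "AddressOnParent") != unit:
            continue
        parent = text_of(i, "Parent")
        if parent not in controllers:   # disk hangs off a non-SCSI controller
            continue
        findings.append((text_of(i, "ElementName"),
                         f"SCSI {controllers[parent]}:{unit}"))
    return findings


def item(name, instance, rtype, address=None, parent=None, unit=None):
    """Build one constructed <Item> element for the sample descriptor."""
    parts = [f"<rasd:ElementName>{name}</rasd:ElementName>",
             f"<rasd:InstanceID>{instance}</rasd:InstanceID>",
             f"<rasd:ResourceType>{rtype}</rasd:ResourceType>"]
    if address is not None:
        parts.append(f"<rasd:Address>{address}</rasd:Address>")
    if parent is not None:
        parts.append(f"<rasd:Parent>{parent}</rasd:Parent>")
    if unit is not None:
        parts.append(f"<rasd:AddressOnParent>{unit}</rasd:AddressOnParent>")
    return "<Item>" + "".join(parts) + "</Item>"


# Constructed sample: two SCSI controllers, three disks, two of them at unit 15.
SAMPLE_OVF = (
    f'<Envelope xmlns="{NS["ovf"]}" xmlns:rasd="{NS["rasd"]}">'
    "<VirtualSystem><VirtualHardwareSection>"
    + item("SCSI controller 0", 3, 6, address=0)
    + item("SCSI controller 1", 4, 6, address=1)
    + item("Hard disk 1", 10, 17, parent=3, unit=0)
    + item("Hard disk 2", 11, 17, parent=3, unit=15)
    + item("Hard disk 3", 12, 17, parent=4, unit=15)
    + "</VirtualHardwareSection></VirtualSystem></Envelope>"
)

if __name__ == "__main__":
    for name, address in find_disks_at_unit(SAMPLE_OVF):
        print(f"{name} is at {address}: import is expected to fail")
```
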

Posted under Cloud, vSphere

This post was written by Rick Scherer on June 14, 2011


Ruby vSphere Console (RVC)

Hey there you Linux (or Mac) Users! vmware Labs has released another fling, with RVC you can now manage your vSphere environment using your Linux or Mac CLI! RVC is built on Ruby (RbVmomi bindings to the vSphere API) and will require at least Ruby 1.8.7+ to run, the preferred version of Ruby is 1.9.2. The RVC is extremely simple to install and start using. You can download the code right now from http://labs.vmware.com/flings/rvc. As the development team states in the fling, “RVC doesn’t (yet) have every feature vSphere Client does, but for common tasks it can be much more efficient than clicking through a GUI.” this is still pretty darn cool and will allow you to potentially script some basic vSphere tasks with an extremely small Ruby footprint!

Posted under vSphere

This post was written by Rick Scherer on April 30, 2011


Patch for vmware vSphere 4.0

vmware has recently released a patch for their vSphere 4.0 product line, which affects both ESX and ESXi.

Details from vmware;

We are pleased to inform you that a new VMware ESX 4.0 Patch is available as of April 28, 2011.

Improvements included in this patch:

  • An update for the Certificate Revocation List (CRL) to revoke an RSA key that HP uses for code signing certain software components
  • Remediation of a denial of service possibility. By sending malicious network traffic an attacker could exhaust the available sockets which would prevent further connections to the host
  • Refinements in handling of shared folders

Detailed information regarding resolved and known issues and enhancements can be found at ESX 4.0 Patch Release Notes

VMware ESX 4.0 Patch is available for download at:
Download VMware ESX 4.0 Patch http://www.vmware.com/patch/download/.

Thanks,

VMware vSphere Product Management Team

One of the patches included (ESX400-201104401-SG for ESX and ESXi400-201104401-SG for ESXi) resolves a couple of different issues. One updates the Certificate Revocation List (CRL) to revoke a key that HP uses for code-signing certain software components. HP server contains a new key pair and has re-signed the affected software components with the new key. What this means is that if you apply this patch on an HP server and you are using specific HP management agents (like the HP Management Agent for VMware ESX 4.x) you will need to download the software with the updated key and re-install it.

The other fix within the above-mentioned patch resolves a potential denial of service attack against the vmkernel over its management interface. When an attacker exhausts all available sockets the ESX(i) host will become inaccessible via vCenter or the vSphere client. Virtual Machines will continue to run and have network connectivity, but the ESX(i) host may need to be rebooted in order to be able to connect to the machine again. The ESX(i) system might intermittently lose connectivity caused by applications that do not correctly close sockets. If this occurs, an error message similar to the following might be written to the vpxa log file:
socket() returns -1 (Cannot allocate memory)
An error message similar to the following might be written to the VMkernel log file:
socreate(type=2, proto=17) failed with error 55
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-1785 to this issue. More information on this patch can be found in KB 1037258 (ESX) and KB 1037259 (ESXi).
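A small triage script for the two log messages quoted above, as an added example that is not part of the original post or of VMware's tooling: it counts both signatures per host so unpatched hosts that are running out of sockets can be prioritised. The log line prefixes, host names, threshold and function names are constructed for illustration; only the message text comes from the post.

```python
import re
from collections import Counter

# The two messages quoted in the post for the socket-exhaustion condition.
# The post says "similar to", so the numeric fields of the VMkernel message
# are matched loosely instead of pinning type=2, proto=17, error 55.
SIGNATURES = {
    "vpxa": re.compile(r"socket\(\) returns -1 \(Cannot allocate memory\)"),
    "vmkernel": re.compile(
        r"socreate\(type=(\d+), proto=(\d+)\) failed with error (\d+)"
    ),
}


def scan_log(lines):
    """Count how many lines match each signature."""
    hits = Counter()
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits[name] += 1
    return hits


def triage(host_logs, min_hits=3):
    """Classify each host from its combined vpxa and VMkernel log lines.

    'exhausted': both logs show the condition, or one shows it repeatedly.
    'watch':     isolated hits only (could be one misbehaving application).
    'clean':     no signature seen.
    """
    verdicts = {}
    for host, lines in host_logs.items():
        hits = scan_log(lines)
        total = sum(hits.values())
        if len(hits) == 2 or total >= min_hits:
            verdicts[host] = "exhausted"
        elif total:
            verdicts[host] = "watch"
        else:
            verdicts[host] = "clean"
    return verdicts


# Constructed sample lines; "[ts]" stands in for whatever prefix the real
# log carries.
SAMPLE_LOGS = {
    "esx-a": [
        "[ts] vpxa: socket() returns -1 (Cannot allocate memory)",
        "[ts] vmkernel: socreate(type=2, proto=17) failed with error 55",
        "[ts] vmkernel: unrelated message",
    ],
    "esx-b": ["[ts] vmkernel: socreate(type=1, proto=6) failed with error 55"],
    "esx-c": ["[ts] vpxa: heartbeat ok"],
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOGS).items()):
        print(host, verdict)
```
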

Another patch, specific to ESXi (ESXi400-201104402-BG), has also been released. The only information on this patch can be found in KB 1037553 which states “This patch improves the way shared folders are handled.”.

Posted under vSphere

This post was written by Rick Scherer on April 30, 2011


Thinapped vSphere Client

The VMware Labs team released a little gem of something that I’ve been wanting to do for quite some time. Taking the full install of the vSphere Client and creating a ThinApp package out of it…that’s right, the entire application in one small and easy to use executable file. The details on the flings page says it best…

Run vSphere client 4.1 in a snap. No install, just download the EXE and double-click. Place the ThinApped vSphere client on any network share and it will automatically stream to any Windows PC with no installation, agents, drivers, or specialized servers required. Carry ThinApped vSphere client and your customization on USB stick and now your vSphere client is available on the GO!

Download it for yourself from here today!

Posted under vCenter, vSphere

This post was written by Rick Scherer on April 11, 2011


VMware vSphere 4.1 U1 Released

Yesterday, February 10th, VMware made available for general consumption U1 to their vSphere 4.1 product line. This update includes all prior patches as well as a number of new enhancements to the vSphere product suite.

This release provides the following improvements, I’ve included some notes along with the high-level updates:

VMware ESX/ESXi

  • Support for up to 160 logical processors
    • Prepared for the release of the Westmere-EX processor
  • Inclusion of additional drivers
    • 3ware and Neterion drivers are now included
  • Enablement of Intel Trusted Execution Technology (ESXi only)
    • More information on this can be found in KB 1033811 
  • Additional guest operating system support
    • Provides support for RHEL 6, RHEL 5.6, SLES 11 SP1 for VMware, Ubuntu 10.10, and Solaris 10 Update 9 guest operating systems
  • Bug and security fixes

VMware vCenter

  • Additional guest operating system customization support
    • Windows 7 SP1, Windows Server 2008 R2 SP1, RHEL 6, RHEL5.5
  • Additional vCenter Server database support
    • SQL 2008 R2, SQL 2005 SP3, Oracle 11g R2, DB2 9.7.2
  • Bug and security fixes

VMware vCenter Update Manager

  • The VMware vCenter Update Manager Utility to help users reconfigure the setup of Update Manager.
  • Bug and security fixes.

VMware vCenter Orchestrator

  • Bug Fixes

For additional details regarding the new fixes and improvements, please refer to the following release notes:
VMware ESX
VMware ESXi
VMware vCenter

VMware vSphere 4.1 Update 1 is available for download from the VMware website as well as through VMware Update Manager (for your ESX and ESXi hosts). Keep in mind, the only way you can switch from ESX to ESXi is to do a fresh install. I’d highly recommend using Host Profiles to make this migration quicker and easier.

Jason Boche has already noted one potential issue with using VMware Update Manager (VUM) to upgrade from 4.1 to 4.1 U1, check that out here.

Posted under vSphere

This post was written by Rick Scherer on February 11, 2011
