Tuesday, December 30, 2014

eBooks for only $5

WOOHOOOO, last post of the year... and while I was struggling to get my mind to work this week, it occurred to me that last year’s promotion at Packt Publishing is back.

Until January 06th, 2015 you can buy any eBook or Video for just $5, and you can buy as many as you want. That's a great opportunity to get that book you want and improve your skills.
I’ve got to tell you, I’ve used its services before and it’s great: easy to use, several formats for reading the eBooks and an amazing variety of content.

I made a list of suggestions just in case you are as lazy as I am these days : )

Disclaimer: Compensation was provided by Packt Publishing. The opinions expressed here are those of the author and are not indicative of the opinions or positions of Packt Publishing.

Friday, December 19, 2014

vRealize Orchestrator 5.5 and Chargeback 2.6 Compatibility

I’ve been working on a public cloud solution for one of our vCloud Air Network Service Providers. I was creating some automation for their billing system, and one of the tasks was to automate the extraction of vCenter Chargeback Cost Reports. This task is easily accomplished with vR Orchestrator.

vR Orchestrator has a plug-in for vCenter Chargeback which allows us to connect to it, generate reports and export them (among other things).

Sadly, when I was configuring the integration, I started receiving an error message stating that Chargeback could not be added to the vRO system.

The error said: java.lang.Exception: Unable to login as the service is not running on to the specified port

Immediately I started with the basic troubleshooting scenario:

- Checked port (443) communication between vRO and Chargeback. It was OK.
- Credentials to log in to Chargeback. They were OK.
- SSL certificates. Just to make sure, I regenerated the certificate and re-imported it into vRO. No problems here.

Since everything looked perfectly fine I decided to open a case with VMware support.

The environment was:
vRO: (
vRO Plugin for Chargeback:
Chargeback: 2.6 (1445187)

After some exchange of information and tests they figured out what was wrong.

vRO 5.5 uses Java 1.7, and the Chargeback SDK implemented in the plug-in could not establish communication with that version of Java.

The solution was to update the plug-in to a version compatible with the Java 1.7 used by vRO.
Once they provided me with the new plug-in I was able to configure Chargeback successfully.

I’m expecting the new plug-in to be published on Solution Exchange very soon. In the meantime, you can get the new version by opening a case with VMware support; mention my case (SR14548138010) and they can provide you with the new plug-in.

A little bit of extra information: this issue does not happen on vRO 5.1.

BTW, is it Christmas already ?!?!

Thursday, December 11, 2014

Automatically Licensing ESXi

Let’s be honest, licensing each ESXi host we place in the environment is a tedious task, right? So why not automate it ?!?
The majority of environments I’ve been working with have just a single bulk of licenses, so deciding which license to choose doesn't need much thought ; )

The solution has always been there, documented in the ESXi Installation Guide.

Let’s see how to set up Bulk licensing.

You will need PowerCLI to execute it.
If you are not familiar with it, I recommend you start by reading up on PowerCLI basics.

- start PowerCLI;
- connect to the vCenter where you will set up the licenses;

The first thing is to bind the license manager to a variable, so we can reference it later.

- run: $licenseDataManager = Get-LicenseDataManager

You can assign a license to a specific Cluster or an entire Datacenter; that way the host will be licensed depending on where it is added. I’ll add it to my datacenter, so every host on this datacenter will get the same license.

- run: $hostContainer = Get-Datacenter -Name "Datacenter_name"

Now comes the magic: create the reference for your license

- run: $licenseData = New-Object VMware.VimAutomation.License.Types.LicenseData
- run: $licenseKeyEntry = New-Object VMware.VimAutomation.License.Types.LicenseKeyEntry
- run: $licenseKeyEntry.TypeId = "vmware-vsphere"
- run: $licenseKeyEntry.LicenseKey = "Your license goes here"

Then you associate them together

- run: $licenseData.LicenseKeys += $licenseKeyEntry

The last step is to tie the license to the datacenter we selected above

- run: $licenseDataManager.UpdateAssociatedLicenseData($hostContainer.Uid, $licenseData)

To make sure license has been configured and tied together properly you can run:


The output should be similar to the screen below

Now, let's give it a try !!!

I do have an ESXi host using an evaluation license

I just removed the host from my inventory and added it back to the Datacenter where my bulk license is set up.

As we can see it has been licensed immediately.

One thing to notice is that if your host is already licensed it won’t get a new one.

Bye bye boring task ; )

Thursday, December 4, 2014

vShield Driver is now Guest Introspection.

The other day one of my clients was working on an agentless antivirus solution for their VMware vSphere environment when suddenly he asked me: “Where’s vShield Driver?”

See an old Picture

It turns out, it has been renamed !!! Thin agent is now called Guest Introspection driver. 
The change came with ESXi 5.5 update 2 release.

But its implementation remains the same.

- Start the VM tools installation
- Select Custom

- Expand VMware Device Drivers / VMCI Driver

See, it’s there as it’s supposed to be, just undercover as another feature ; )

Thursday, November 27, 2014

ESXi password complexity requirements

Have you ever tried to set or change the root password for an ESXi host and got the following error message?
Weak password: not enough different characters or classes for this length.
passwd: Authentication token manipulation error

For security reasons, VMware ESXi enforces some password requirements. Learning how they work can help you avoid issues like the one above.

The password length requirement will depend on the number of classes used to compose it.
The classes available are:
- lowercase letters;
- uppercase letters;
- numbers;
- special characters;

With that in mind, you can come up with a password like this:
- If it contains just one or two character classes, it must be at least 8 characters long;
- If it contains three character classes, it must be at least 7 characters long;
- If it contains all four character classes, it must be at least 6 characters long.

One thing to notice: if the password starts with an uppercase letter or ends with a number, those characters do not count toward the number of valid characters.
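
The rules above, written out as a small checker you can run before typing a new root password. This is an added example, not code from the original post or from VMware; the function names are made up for illustration, and it assumes the leading uppercase letter and trailing number are skipped when classes are counted while the full length is still measured.

```python
import string

# Minimum total length for each number of character classes,
# taken from the rules listed in the post.
MIN_LENGTH_BY_CLASSES = {1: 8, 2: 8, 3: 7, 4: 6}


def char_class(ch):
    """Map one character to the class it belongs to."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "number"
    return "special"


def counted_classes(password):
    """Return the set of classes that count toward the policy.

    Assumption (not spelled out in the post): an uppercase letter in the
    first position and a number in the last position are skipped when
    classes are counted, but still contribute to the overall length.
    """
    chars = list(password)
    if chars and chars[0] in string.ascii_uppercase:
        chars = chars[1:]
    if chars and chars[-1] in string.digits:
        chars = chars[:-1]
    return {char_class(c) for c in chars}


def check_password(password):
    """Return (accepted, classes_counted, required_length)."""
    classes = len(counted_classes(password))
    if classes == 0:
        # Nothing left to count (e.g. "A1"): treat it as one class.
        classes = 1
    required = MIN_LENGTH_BY_CLASSES[classes]
    return len(password) >= required, classes, required


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ["Vmware1", "Vmware12", "vmWar7x", "vM1!ab", "vM1!a"]:
        ok, classes, required = check_password(candidate)
        verdict = "accepted" if ok else "rejected"
        print(f"{candidate!r}: {classes} class(es), needs {required}, {verdict}")
```

Note how "Vmware1" looks like three classes at first glance but is counted as one, which is exactly the kind of password that triggers the error message at the top of this post.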

Even though you might think these requirements are too restrictive (or maybe not restrictive enough), you can change the pam.d module to set up the requirements to meet your company’s policy; check KB1012033 to learn how to accomplish it.

Caution: inadvertently reducing the password complexity might reduce the security of ESXi.

Friday, November 21, 2014

vCAC Inventory Collection Fails

This one will be a quick one ; )

I’ve tried to run an inventory collection against a VMware vCloud Director Computer Resources at vCAC, or should I say vRealize Automation, but every single try consistently returned with a failed status.

Because of that, when I tried to create a Reservation, the resources available on that Org vDC  were not showing up.

I started looking at my endpoint and credentials configuration; both were fine. In fact, Computer Resources backed by other Org vDCs were running just fine, which made me believe it was something with that specific Org vDC.

Since vRA does not provide enough information on the inventory screen, I had to take a look at the log directly.
Logs about vCloud Director’s inventory collections can be found on the DEM Worker component. VMware has this nice KB2074803 about the log locations.

The log clearly stated that it was failing because there was no network configured on the Org vDC.

Once I created an Org Network on the Org vDC, the inventory collection ran successfully.

I’m pretty sure you guys that are smarter than me can come up with a lot of use cases for an Org vDC without network connectivity, but to be honest right now it seems more a bug than a requirement.

Do you agree ?

Wednesday, November 12, 2014

Datastore Cluster Performance View

Datastore Clusters came to alleviate some of the innumerable administrator pains: micromanagement of single datastores, virtual machine placement decisions, and manually balancing VMs between datastores to avoid running out of space or performance implications.
Thanks to that, we can now create a single object (Datastore Cluster), associate the datastores with it (don’t mix and match datastores with different characteristics, for God’s sake) and leave these tedious tasks to the system.

Eventually you will need to monitor its performance, and here’s where this post comes in to help.
vSphere Web Client has a Datastore Cluster performance View.

- Open vSphere Web Client;
- Select the Datastore Cluster you want to monitor;
- Select Monitor tab and then Performance Tab;

- Just change the view from Space to Performance.

Ohhh wait, Performance View is missing !!!!

Well, that happens to the best of us.
The thing is, the Performance View is only available if Storage DRS is enabled on the Datastore Cluster. Another thing to notice is that all hosts need to be greater than ESXi 4.1 (this one I could not test myself; if you have an older host, give it a try and let us know).

Let's enable it !!!

- Select Manage Tab;
- Select Storage DRS and click Edit;

- Just Turn On vSphere Storage DRS and click OK;

Nice !!! this time Performance View is available

Ohhh wait again !!! There’s no data and the message says: Data is not collected for the current statistics level. Increase the statistics level to view the graph.

That’s because of the way your vCenter Statistics is configured. You can raise it a little bit to get more than real-time data (use with caution).
Also, Storage DRS has its own statistics mechanism. Check KB2009532 for more details.

Once everything is set-up, you can see the performance data of your datastore cluster.

Tuesday, November 4, 2014

VXLAN Preparation Failed

Have you ever faced a preparation error while configuring VXLAN ???

Regardless of whether it was caused by a bad preparation, a partial installation or an old configuration remaining on the hosts, you might end up not being able to configure VXLAN and will be presented with the error:
Cluster domain-cXX already has been configured with a mapping.

The issue is that a previous attempt was made and the configuration details were kept on vCNS Manager. To proceed you will need to clean that up.

I recommend you go through this fix with a VMware support representative; in any case, here’s how to fix it.

- Log in to a server which has cURL installed (FYI: vCloud Director has cURL installed on the cells);
- run the following command;
curl -i -k -H "Content-type: application/xml" -u admin:"password" -X DELETE https://"vCNS"/api/2.0/vdn/map/cluster/"domain-cXX"/switches/dvs

replace password with the password of your vCNS Manager
replace vCNS with the hostname of your vCNS Manager
replace domain-cXX with the domain provided in the error message.

- Run the preparation again.

This time it will succeed.

Friday, October 24, 2014

VMware Hybrid Cloud Powered Certification

Members of VMware vCloud Air Network Service Providers (old VSPP) can submit their Cloud solutions for a VMware certification, the Hybrid Cloud Powered Certification.

I’m sure you can come up with a pretty extensive list of benefits for taking the certification, but here are the most common ones:
- Validate that your infrastructure is based on VMware Platform;
- Accelerate time to market;
- Differentiate your cloud services offering;
- Utilization of the logo on marketing materials.

The idea of this post is to help you go through the certification process.

The eligibility:
Partners must be enrolled in the VMware vCloud Air Network Program (formerly called the VMware Service Provider Program) and have a signed contract with an authorized VMware Aggregator for a minimum of 3600 points.

Besides the eligibility, you need to adhere to the technical requirements. Basically anyone with a public vCloud Director implementation is a candidate; nothing fancy is required. Read them carefully and I will fill in the gaps:

Tip1: Step Org Network Availability
While the requirements say the user should have at least the vApp Author role, I could not pass this step until I set the user as an Org Admin.

Tip2: Step Access vCloud controller from vApp
The requirements do not specify which distribution of Linux is required. You can use any one supported by vCloud Director.
Also, they do not specify whether any package should be installed. I learned the hard way, installing a package at a time and testing; once I installed the packages below I could get past this step:
- cURL;
- telnet;
- wget;
- bind utils.

Tip3: OVF Support
Make sure you did not enable Quarantine on vCloud Director.
Also, make sure the public addresses are set up correctly.

If you do everything right you should pass the certification in less than 20 minutes.

The process is entirely automatic, which I think is amazing.
A few minutes later I received an e-mail congratulating me and some instructions to add the Service Provider to VMware’s vCloud Air Network Service Provider Portal.

Go for it, you have nothing to lose. 

In case you wanna watch the process, here’s a step-by-step video...

Wednesday, October 15, 2014

vCloud Director – Quarantine Files

Recently, I faced an odd behavior with VMware vCloud Director: when uploading virtual machines in OVF format to my vCloud Organization, the process did not complete as expected.

The error varies depending on where you are uploading them to:
When importing the vApps directly to My Cloud the message says, “failed to create”.
When importing the vApps directly to a Catalog the message says, “Quarantine Expired”.

It turns out it’s not a bug or an issue with the system, it’s just a feature which I knew nothing about. Learning a new thing every day : )

vCloud Director has the ability to quarantine the files users are uploading to the system for further investigation before making them available.  It’s a perfect use case if you want to scan the files with an antivirus solution for instance.

OK, let’s see how it works.

First you need to enable it on your vCloud environment
- Log in to vCloud, click on the Administration tab, then click on General
- Scroll down to Timeouts, enable the Quarantine option and set the timeout for it.

Now you can go ahead and upload your OVF.

When you upload it directly to My Cloud, the vApps status will be Pending.

If no action is taken, after the time period you set up for the timeout, the upload fails and the status changes to Failed to Create.

When you upload it directly to a Catalog, the vApp’s status will be Quarantined.

If no action is taken, after the time period you set up for the timeout, the upload fails and the status changes to Quarantine Expired.

It’s worth mentioning that while the item was quarantined, it was not available for other users to deploy.
As you can see by browsing the Catalog.

This post is not intended to show how to create a monitoring/quarantine solution for vCloud (maybe in the future); it’s just about creating awareness of the feature.

The vCloud Director Admin Guide has a section about Monitoring Quarantine Files.

During my research I found a blog post from Magnus Andersson, which states this feature was not working because it has been deprecated in favor of the API and blocking tasks.
While I’m not here to doubt his information, I want to show that in fact this feature is working in my environment, maybe because I’m using vCloud 5.5 and someone might have fixed it (Magnus was using vCD 5.1.2).
I will also try to confirm internally whether this feature has indeed been deprecated and I’ll let you know.

See you

Friday, October 10, 2014

VCP5-DCV Delta Recertification Exam

I’m sure you guys remember the VMware’s Recertification Policy, right ?!?

It turns out that the first cycle of Certification Expiration will be starting in March 2015. Don’t fool yourself, it’s right around the corner.

Thinking about those certified professionals who are just looking for ways to recertify their current certifications and are not necessarily pursuing more advanced levels of certification, VMware launched a promotional delta exam for current VCP5-DCV holders... yeah, we heard you !!!

So this delta exam will just recertify your current VCP5-DCV certification; it will not provide you any higher level. It will also be based on the new features of vSphere 5.5.

To get ready for the exam, VMware is offering a FREE online course (What’s New Fundamentals V5.5); you can take it anywhere, anytime you want.

The exam will cost US$ 120. I know it’s not free, but at least it’s better than paying for the regular exams+courses.

One last thing, you need to hurry: it’s available just until March 31, 2016 (VMware has extended it; the earlier deadlines were November 30, 2014 and March 10, 2015).

You can find more details in VMware’s communication.

Good luck

Wednesday, October 1, 2014

vCloud Director External Catalog Publishing

Recently I was faced with a challenge on a client’s vCloud Director implementation.
Their vCloud solution allows customers to choose to consume resources from two different locations. Those 2 Provider VDCs are backed by resources from two distinct sites.

Originally, they were holding a single Public Catalog stored on Datacenter A, but when users provisioned vApps on Datacenter B, the templates got copied over the WAN, taking a long time to complete and harming the user experience.

To provide the best user experience possible, I suggested creating a new Catalog, storing its data on Datacenter B, so the clients provisioning on Datacenter B choose templates from Catalog B, keeping provisioning local and enhancing the user experience.

It came down to the need to maintain two separate Catalogs.
Thanks to a new feature introduced by VMware vCloud Director 5.5, it’s now a piece of cake.

Let’s see how to Publish Catalog Externally:

First thing is to enable the Org to either Publish or Subscribe to a catalog,
- On the properties of the Organization, click on Catalog Tab
Select the desired option:
- Allow publishing external catalogs
- Allow subscribing to external catalogs

Now let’s create the Source Catalog
- On the Org, click on Catalogs tab and then on the plus sign to create a new catalog

- Give it a Name and a Description and click Next

- Select a datastore where to store the templates and click Next
In our example, it would be a datastore on Datacenter A

- Set up the Catalog sharing as you would normally do and click Next

Here’s where the magic happens
- Enable Publishing. Protecting it with a password is a good idea, to prevent others from subscribing to your catalog without your knowledge.

- Click Finish to create the Catalog

Add the templates to the recently created Catalog as you would normally do.
At this point your Catalog is created and available for others to subscribe to, but in fact we don’t know your Catalog’s address yet.

- Back on Catalog tab, select the source Catalog and check Publish/Subscribe Settings..

 - Click on the External Publishing tab, there you will find the Catalog’s address, just copy it.
Now we just need to create an empty Catalog and subscribe to the content of the source one.

When creating a new Catalog..
- select Subscribe to an external Catalog, fill with the source Catalog’s address and the password for accessing it.

Everything else is the same as a regular Catalog, just make sure to select a datastore on the corresponding site.
In our example, it would be a datastore from Datacenter B.

Once it’s done you will see its Synchronization taking place.

One thing to be aware of is related to the transfer area of vCloud’s Cells.
During the synchronization, the templates are first exported to the vCloud Cell’s transfer area and then copied to the datastore of the destination.

You can see by the screen below that there was no folder in there; then during the synchronization a folder called 6326975a-a9b1-454b-97be-c416cc1526f got created, the data (vmdk) is copied there and deleted after synchronization.

Plan your transfer area accordingly

I’m sure you can come up with a lot of other use cases for this feature, like if you have access to a Public Cloud and want to use your own catalog on-premises and off-premises.

Good Publishing….

Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills in medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
