
VCAP Exams on vSphere 5.1 Expiration

The certification exams for VCAP5-DCA and VCAP5-DCD on vSphere versions 5.0/5.1 are set to expire on January 31, 2015. The exams for vSphere version 5.5 will continue to be available. So, if you plan to seek the VCAP5-DCA certification and prefer to be tested on vSphere 5.0 / 5.1, then you should plan to take the VDCA510 exam by the end of January. Likewise, if you plan to seek the VCAP5-DCD certification and prefer to be tested on vSphere 5.0 / 5.1, then you should plan to take the VDCD510 exam by the end of January. Otherwise, you can take the VDCA550 and VDCD550 exams, which cover vSphere 5.5, at any time.

For those of you who choose to use the Official VMware VCAP5-DCA Cert Guide from VMware Press to prepare for the VCAP5-DCA exams, be sure to purchase the Premium Edition, which includes online content that covers the blueprint for the VDCA550 exam. The online materials include information on using the vSphere Web Client, new features in vSphere 5.5, items that are covered in the VDCA550 blueprint (but not covered in the VDCA510 blueprint), and additional practice exams.

 

Manually Using SYSPREP in Windows 2012 VMs and Templates

Recently, on a professional services engagement, we encountered a situation where the Customization Wizard was failing to successfully apply SYSPREP to Windows 2012 Servers. Because our main objective and my time were focused on other areas, we could not take time to resolve the underlying root cause, so we needed a work-around. This led us to applying SYSPREP manually, which I had not done in a long time. Here are the details that we applied toward using SYSPREP manually in a VM template.

 

Our main concern is if we deploy two VMs from a template or VM that already has a SID, then an issue may occur if we try to add both new VMs to the domain.  The following error may occur when adding the second VM.

[Screenshot: sysprep-1a]

To fix this in the second VM, you can use these steps:

1 – Open RUN and enter sysprep


2 – Right-click on sysprep and choose Run as Administrator


3 – In the System Preparation Tool window, set the System Cleanup Action dropdown = Enter System Out of Box Experience (OOBE), check the Generalize box, and set the Shutdown Options to Reboot.


4 – SYSPREP will run the necessary action and restart Windows.

5 – As Windows reboots, it will prompt for new Settings.  Apply the appropriate settings for this VM.   Windows will now have a new SID.

6 – After Windows starts, you should be able to successfully add it to the AD domain.

 

To avoid this issue in the future, deploy Windows VMs from a template where SYSPREP has been used to strip the SID and where Windows will prompt for new settings on the next boot. To prepare the template, perform these steps:

  • In a new VM, install Windows 2012 R2
  • Install VMware Tools
  • Install all Windows Updates
  • Use Steps 1 to 3 from above, except on step 3, set the Shutdown Options = Shutdown (not restart)
  • After Windows shutdown finishes, use the vSphere Client to right-click on the VM and choose Convert to Template

 

 

 

Forgot ESXi Password? Here is a fix.

Here is a slick way using host profiles.  It calls for using a host profile and using the Configure a fixed administrator password option.   Details at:

http://www.vladan.fr/how-to-reset-esxi-5-x-root-password-and-under-which-conditions/

 

But, it may not be supported.  The statement in the following KB article indicates that the only supported way to reset the root account password on an ESXi host is to reinstall ESXi.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004659

Choosing the Best NIC Teaming Load Balancing Policy in vSphere

Frequently, on my professional services engagements, my customer will ask me which NIC Teaming Load Balancing option is the best choice when configuring a virtual switch port group in VMware vSphere. The following represents my typical answer:

Here are guidelines for choosing the best NIC Teaming Load Balancing policy:
  • Based on IP hash – Use this only for Etherchannel (port channel).  If the uplinks on a standard virtual switch or distributed virtual switch connect to an Etherchannel, then set the NIC Teaming Load Balancing to IP Hash for each virtual port group that uses these uplinks.    This could also be used when implementing new features in vSphere 5.1 and 5.5 that allow LACP to be configured on the physical uplinks of a distributed virtual switch.
  • Based on originating virtual port – This is the default. It has traditionally been the best setting for most virtual port groups, whenever Etherchannel is not involved. For standard virtual port groups, it is still the best setting in most cases when Etherchannel is not involved; Load Based Teaming (LBT) is often preferred in this case for distributed port groups.
  • Based on source MAC hash – This is seldom used, but is preferred whenever you want to control the placement of VMs based on their MAC address assignments.
  • Based on physical NIC load – This is also called Load Based Teaming (LBT). It is a fairly new feature on dvSwitches and is typically preferred over port-based teaming, because the two perform identically, except that LBT includes intelligence to migrate virtual adapters from a busy uplink to a less active uplink. In many cases, this is preferred over using Etherchannel to provide a scalable NIC Team that does not require special settings on the physical switch, so it is easy to manage. However, Etherchannel is still preferred in cases where the best resiliency, scalability, and performance are needed.
  • Explicit Failover – Used in cases where the administrator prefers to manually balance the workload by placing some VMs and vmkernel virtual adapters on specific port groups that utilize a specific set of active ports. A common example is where the Management Network and vMotion are placed on a virtual switch by themselves – often the Management Network is set to use vmnic0 as Active and vmnic1 as Standby and vice versa for the vMotion port.

 

LACP, LAG, Etherchannel and vSphere 5.5 – a simple explanation

I have often stumbled when trying to explain the differences and the relationships between Etherchannel, LACP, and IEEE802.3ad.  I began stumbling more when I learned that vSphere 5.5 supports Enhanced LACP and LAGs.   Here is my best attempt to clarify.

Etherchannel:  an Etherchannel is a logical channel formed by bundling together two or more links to aggregate bandwidth and provide redundancy. Another acceptable name for Etherchannel (an IOS term) is port channel (an NXOS term). Another acceptable name is Link Aggregation Group (LAG).

LACP:  a standards-based negotiation protocol used to dynamically build an Etherchannel. It is known as the IEEE 802.1ax (or IEEE 802.3ad) Link Aggregation Control Protocol (LACP). It is a protocol used to build Etherchannels (LAGs) dynamically. LAGs (Etherchannels) can also be built statically without using LACP.

IEEE 802.1ax:  The IEEE working group that defines port channel, EtherChannels and link aggregation. Originally, the IEEE working group was 802.3ad, but in 2008 it was replaced by 802.1ax.

IEEE 802.3ad:  the original IEEE working group for port channel, EtherChannel, and link aggregation.  Although it has been replaced with 802.1ax, referring to IEEE 802.3ad is typically acceptable.  So references to IEEE 802.3ad LACP are common.

vSphere pre version 5.1:  the standard virtual switches and distributed virtual switches provided natively by VMware vSphere 5.0 and earlier do not support LACP (dynamic LAG / Etherchannel creation); however, they support statically built LAGs (these may be called static LAGs or static Etherchannels).

vSphere 5.1:  the distributed virtual switches provided natively by VMware vSphere 5.1 support LACP (dynamic LAG / Etherchannel creation). The support is limited to one LAG per ESXi host and per dvSwitch.

vSphere 5.5:  the distributed virtual switches provided natively by VMware vSphere 5.5  support LACP (dynamic LAG / Etherchannel creation).  It supports 64 LAGs per ESXi host and 64 LAGs per dvSwitch.

VMworld 2014 Souvenirs

I attended my 10th consecutive VMworld this year.  Here are some of my main take-aways.

VMware vSphere 5.5 Update 2:  is now GA and available for download.  Some features are:

  • Support for ESXi hosts with up to 6TB RAM
  • VMware vShield Endpoint driver is bundled with VMware Tools and called Guest Introspection
  • VMware vCenter Server now supports these databases: Oracle 12c, MS SQL Server 2014. It drops support for IBM DB2.
  • vCenter Server Appliance meets high-governance compliance standards through the enforcement of DISA STIG.
  • Resolves several known issues
  • For details, see the VMware Blog.

Additionally, VMware now offers a very attractive edition of vSphere 5.5 for remote offices and branch offices (ROBO). This edition is aimed at distributed deployments, where the Essentials and Essentials Plus editions have previously been implemented. The licensing for this new edition is offered in packs for 25 VMs. Details are on the VMware Blog.

VMware vSphere 6.0 Beta:  as a reminder, on June 30th, VMware announced the availability of the VMware vSphere 6.0 Beta program that it opened to the entire VMware community.

VMware acquires CloudVolumes:  CloudVolumes’ technology, which is focused on virtualization above the OS, is sort of a hybrid of other technologies including application virtualization, layering, and containers.  It installs applications in virtual disks (VMDK or VHD), records dependencies in an AppStack volume, and provides the VMDK/VHD as a read-only volume that can be instantly assigned to multiple VMs.  Details are here on VMware blog.

Fault Tolerance (FT) in vSphere 6 supports VMs with up to four vCPU cores. The underlying code has been re-written. It uses Checkpointing instead of record / replay. The secondary VM has its own virtual disk, allowing FT to protect against datastore failures as well as host failures. It no longer requires eager-zeroed thick virtual disks. To get started, here is a good article on WoodITWork (not a VMware provided article) to get familiar.

VMware EVO: Rail Deployment Configuration and Management (VMware EVO Rail):  combines compute, networking, storage, and software into a hyper-converged infrastructure appliance. It is a scalable Software Defined Data Center (SDDC) building block that includes VMware vSphere Enterprise Plus, VMware vCenter Server, VMware Virtual SAN, VMware Log Insight, and VMware EVO Rail deployed within a 2U 4-node hardware platform provided by a VMware qualified partner. Each node, which is optimized for VMware EVO Rail, provides:

  • Two 6-core CPUs
  • 192 GB RAM
  • Three SAS 1.2 TB HDD and one 400 GB SSD for VMware Virtual SAN
  • Two 10 GE NIC ports

The VMware EVO Rail greatly simplifies the deployment, configuration, and management of SDDC.  It enables you to create your first VM within minutes following the initial power-on of the solution.  It is sized to run approximately 100 average sized, general purpose VMs or 250 virtual desktops (provided by VMware View),  but naturally, the VM density depends on each use case.

See the Introduction to VMware EVO: RAIL

VMware EVO: Rack:   This is built on the same concepts as VMware EVO Rail, but is aimed at a different customer base.  VMware EVO Rack is aimed at private clouds for medium to large enterprises, where VMware EVO Rail is aimed at mid-size companies, remote office / branch office (ROBO) and VDI solutions.  EVO Rack includes VMware NSX.   For details, see the note from the CTO on the  VMworld 2014 announcement of the Tech Preview of VMware EVO Rack.

My TV Debut … Actually, this is my interview on VMware TV on the Official VCAP5-DCA Cert Guide that I wrote with Steve Baca.   I am pleased that the  guide was the 2nd best seller at VMworld.

VMware Hybrid Cloud is now VMware vCloud Air:  VMware vCloud Air, which is built upon a vSphere foundation, allows you to integrate your private cloud with a public cloud and allows you to easily migrate workloads between the two clouds. Actually, it provides you a hybrid cloud where you can easily deploy, manage, and migrate workloads that are running on-premises and off-premises. Details at vCloud.vmware.com.

VMware Integrated OpenStack (Beta):  VMware Integrated OpenStack is designed for enterprises that want to provide an environment that is similar to public clouds to the developers that are actually using a private VMware virtual infrastructure.  VMware Integrated OpenStack provides cloud-style APIs in an infrastructure built on VMware vSphere. The main goals are to allow VMware customers to successfully deploy OpenStack while leveraging their existing VMware investments and  to allow them to confidently deliver production-grade OpenStack with full support from VMware.  See details on the VMware Integrated OpenStack Beta at  http://www.vmware.com/products/openstack.

VMware NSX 6.1: VMware NSX, which allows you to configure virtual networks (logical switches, logical routers, logical firewalls, logical load balancers, logical VPN, etc.) in software, independently of the physical network, has been upgraded to version 6.1. VMware NSX implements network layer 2 through 7 components in software and uses the physical network as a transport mechanism. Although it is integrated with VMware vSphere, VMware vCloud Director, and VMware vCloud Automation Center, it can also be deployed in multi-hypervisor environments, such as those that utilize Xen Server and KVM. See this URL to get familiar with NSX:  http://www.vmware.com/products/nsx/

Some new features in NSX 6.1 include:

  • Highly available NSX Edge clusters
  • DHCP Relay
  • Improved load balancing that now includes UDP and FTP load balancing, which can support services such as NTP and DNS
  • See the NSX 6.1 Release Notes for more details on what’s new in NSX 6.1.

 

VMware vCloud Suite 5.8: this version includes these new features:

  • Support Assistant, which is a tool that can be configured to automatically, proactively collect log bundles and transmit them to VMware support.
  • Expanded big data support, which now includes Hadoop 2 distributions.
  • Policy-based provisioning in vCloud Automation Center’s (vCAC) blueprints for DR protection tiers that are provided by VMware Site Recovery Manager (SRM) via a vCenter Orchestrator plug-in.
  • Other DR improvements involving better SRM integration and scalability
  • See the Release Notes for more details.

VMware vRealize Air:  is basically vCloud Automation Center (vCAC) presented as a SaaS-based application.  To get started, see these links in the specified order:

VMware Virtual Volumes:  This feature allows you to use a Storage Policy Based Management (SPBM) mechanism per virtual machine, or actually per virtual disk. Each storage system can automatically present a unique set of storage capabilities to vSphere, which can be used to apply storage policies per VM. The concept is similar to the concept used by VMware Virtual SAN, whose capabilities and policies can be used with local storage, but VMware Virtual Volumes extends the concept to your Fibre Channel, iSCSI and NAS storage. Instead of configuring logical units (LUNs) in your SAN, you will simply present a pool of array-based storage to vSphere and let vSphere do the work. Typically, the policies provided to vSphere using the VMware APIs for Storage Awareness (VASA) are focused on performance (such as disk stripes), redundancy (similar to RAID parity), and replication. Here are the details on the VMware Virtual Volumes Public Beta.

VMware Certification:  VMware recently announced a new certification track in Network Virtualization, which includes an advanced level called the VMware Certified Implementation Expert – Network Virtualization (VCIX-NV) and the VMware Certified Design Expert – Network Virtualization (VCDX-NV). Details are at http://mylearn.vmware.com/portals/certification/.

VMware vSphere Client:  is not going away quite yet. Instead, it has been improved in vSphere 5.5 U2 to support VMware hardware version 10. Be careful though: the vSphere Client 5.5 U2 can be used to edit VMs that use VM hardware version 10, but it can only change features that are available in VM hardware version 8. See the VMware Blog for details.

VMware Workspace Suite:  a suite that combines AirWatch and VMware Horizon to provide a virtual workspace that unifies mobile, desktop and data.  See the Workspace Suite Introduction on the VMware blog.

NVIDIA GRID vGPU on vSphere: NVIDIA and VMware announced an early access program for NVIDIA GRID™ vGPU on VMware vSphere. See details on the program and see the video on the technology.

VMware and Docker partnership:  they see a world where VMs and containers play nicely together.  See Docker's announcement.

VMware Authorized Training Center (VATC) changes:  VMware Education recently changed their VATC program, such that only three VATCs remain, who can offer the vSphere Install Configure Manage class and Horizon View Install Configure Manage class for open enrollment.  These VATCs can still offer any authorized VMware class for private delivery.  VMware Education still recognizes several VMware education distributors, who can provide all authorized classes for open enrollment and VMware education resellers, who can resell classes for the distributors.  Generally speaking, VMware customers should still be able to reach out to their current VMware training providers for guidance.

 

Addressing the Short Password Expiration in vCenter Server Appliance

Many vSphere administrators have learned the hard way that with default settings, the root account in the vCenter Server Appliance 5.5 expires after 90 days.   The VMware KB article 2069041 addresses how to change the root account password after it expired, which requires rebooting the appliance,  modifying the grub boot parameters and using the passwd command.

To avoid this issue, you could consider modifying the ESXi host policies, such that it forces the user to change the root account password whenever it expires rather than locking the root account.  The KB article 2069041  also discusses how to adjust the expiration policy.
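A check for the 90-day expiry described above, as an added example that is not from the original post or from VMware: it computes the days remaining from a shadow(5) entry so the password can be changed before the account locks. It assumes the appliance keeps its aging data in the standard Linux /etc/shadow format; the sample entries, function names and 14-day warning threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: password-aging check for a Linux appliance account.
# Field layout follows shadow(5): name:hash:lastchg:min:max:warn:inactive:expire:

# days_until_expiry SHADOW_LINE TODAY_DAYS
# Prints the days left before the password must be changed, or "never"
# when aging is disabled (empty lastchg, or empty/negative/99999 maximum age).
days_until_expiry() {
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    maxage=$(printf '%s\n' "$1" | cut -d: -f5)
    case $maxage in ''|-*|99999) echo never; return 0 ;; esac
    case $lastchg in
        '') echo never; return 0 ;;
        0)  echo 0; return 0 ;;      # 0 = change required at next login
    esac
    echo $(( lastchg + maxage - $2 ))
}

# expiry_status SHADOW_LINE TODAY_DAYS WARN_DAYS -> OK | WARN | EXPIRED
expiry_status() {
    left=$(days_until_expiry "$1" "$2")
    if [ "$left" = never ]; then echo OK
    elif [ "$left" -le 0 ]; then echo EXPIRED     # due today or already past
    elif [ "$left" -le "$3" ]; then echo WARN     # inside the warning window
    else echo OK
    fi
}

# Constructed sample entries (hash field replaced by "x"). On a real system,
# read the entry as root with: grep '^root:' /etc/shadow
SAMPLE_90_DAY='root:x:16300:0:90:7:::'
SAMPLE_NO_AGING='svc:x:16300:0:99999:7:::'

today=$(( $(date +%s) / 86400 ))     # days since 1970-01-01, as in shadow(5)
for entry in "$SAMPLE_90_DAY" "$SAMPLE_NO_AGING"; do
    name=${entry%%:*}
    status=$(expiry_status "$entry" "$today" 14)
    echo "$name: $status (days left: $(days_until_expiry "$entry" "$today"))"
done
```

Run from cron with the real shadow entry, a WARN or EXPIRED result is the cue to rotate the root password before the lockout described above.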

Likewise, some vSphere administrators have unexpectedly experienced situations where the VMware vSphere Single Sign-On (SSO) administrator account is locked due to password expiration.  See VMware KB article 2034608 for details on resolving the issue in SSO 5.1 and SSO 5.5.

Naturally, you can avoid certain issues by configuring a solid SSO Password Policy by implementing the procedure found here.