Home » VMware » vSphere 6.7

Category: vSphere 6.7

VMware vSphere 6.7 blog posts.

vSphere 6.7 Convergence Tool: Failed to get vecs users and permissions

Last week I was converting a vSphere 6.7 Update 1 environment from external PSC to embedded PSC. After a couple of seconds running the conversion, it ended in an error message (Failed to get vecs users and permissions).

The customer was using the latest available vCenter 6.7 update 1 release available at this point vCenter Appliance 6.7 U1b (11727113). The environment consists of one Platform Services Controller (PSC) and one vCenter Server (VC) and a couple of VMware ESXi 6.7 Update 1 hosts.



Error Message

The error message in my PowerShell window displayed the following error message. Not really the best message (possible resolution is []) but it pointed me in the right direction.

### PowerShell output from vcsa-util.exe
2019-05-07 11:07:58,538 [loggable.py:102]: ================ [FAILED] Task: MonitorPSCDeployTask: Running MonitorPSCDeployTask execution failed at 11:07:58 ================
2019-05-07 11:07:58,553 [loggable.py:102]: Task 'MonitorPSCDeployTask: Running MonitorPSCDeployTask' execution failed because [ERROR: Converge Process Failed!], possible resolution is []
2019-05-07 11:07:58,553 [loggable.py:102]: ================================================================================
2019-05-07 11:07:58,631 [taskflow.py:943]: <MonitorPSCDeployTask - com.vmware.vcsa.installer.converge.monitor_psc_deploy(FAILED)> in <ConvergeTaskFlow - converge(FAILED)> status changed to: FAILED
2019-05-07 11:07:58,694 [taskflow.py:641]: Execution attempt 1 for Task <MonitorPSCDeployTask - com.vmware.vcsa.installer.converge.monitor_psc_deploy(FAILED)> FAILED with exception: ERROR: Converge Process Failed!
2019-05-07 11:07:58,694 [taskflow.py:672]: Finished executing <MonitorPSCDeployTask - com.vmware.vcsa.installer.converge.monitor_psc_deploy(FAILED)> and its status is FAILED
2019-05-07 11:07:58,694 [taskflow.py:675]: <ConvergeTaskFlow - converge(FAILED)> overall status is now FAILED

Inside the “converge_mgmt.log” logfile the following error was displayed see output below. The log file can be found on the following location on your local system: “C:\Users\User\AppData\Local\Temp\vcsaCliInstaller-2019-05-07-11-25-6pn5b67r\workflow_1557228307149\converge\converge_mgmt.log“. Keep in mind, the file path is dynamic and I was using Microsoft Windows.

2019-05-07T11:07:46.688Z ERROR converge Failed to get vecs users and permissions. Error: {
    "componentKey": null,
    "problemId": null,
    "detail": [
        {
            "id": "install.ciscommon.command.errinvoke",
            "localized": "An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'APPLMGMT_PASSWORD', '--alias', 'location_password_default', '--output', '/root/velma/old_certs/APPLMGMT_PASSWORD.crt']\nStderr: Error: No certificates were found for entry [location_password_default] of type [Secret Key].\nvecs-cli failed. Error 87: Operation failed with error ERROR_INVALID_PARAMETER (87) \n'",
            "translatable": "An error occurred while invoking external command : '%(0)s'",
            "args": [
                "Command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'APPLMGMT_PASSWORD', '--alias', 'location_password_default', '--output', '/root/velma/old_certs/APPLMGMT_PASSWORD.crt']\nStderr: Error: No certificates were found for entry [location_password_default] of type [Secret Key].\nvecs-cli failed. Error 87: Operation failed with error ERROR_INVALID_PARAMETER (87) \n"
            ]
        }
    ],
    "resolution": null
}
2019-05-07T11:07:46.706Z INFO converge Cleanup successful with partial flag = True.


Solving the issue

After searching on Google on the string “ERROR converge Failed to get vecs users and permissions“. I got a hit on a VMware KB article. The VMware article can be found below and explained what was going wrong.

The solution is very simple… remove the vCenter Backup Schedule in the VAMI (VMware Appliance Management Interface):

Procedure:

  1. Log into the vCenter Server Appliance Management Interface (https://%vcenter-fqdn%:5480)
  2. Login with the root account.
  3. Navigate to the Backup view
  4. Next to Backup Schedule, click the Delete button to delete the current backup schedule
  5. Attempt the convergence process again!
  6. Once the convergence is complete, re-create the backup schedule. See Schedule a File-Based Backup for more information on creating a backup schedule.

Community Feedback

I got the following feedback on this article after publishing:

  • Update 08-04-2019: David Stamen reached out to me on Twitter with the response: This was fixed in #vSphere67U2.

Sources

The following websites were very usefull for troubleshooting this issue:

Share this:

vRealize Automation – Failed to convert external resource %VM-Name%.

I ran into an error message today with vRealize Automation (vRA). The error message that came up was: Failed to convert external resource Prod-Fin-00012. The issue occurred in vRA version 7.3.1.

Inside the vRealize Automation portal, I tried to upgrade virtual machine hardware but it failed directly when issuing the request. Strange thing was it was working a couple of day ago. After some investigating the error also came back on other day-2 tasks. So it was time to dive deeper into the issue.

Here is a screenshot of the issue:

The Cause

So let us think about what vRealize Automation is performing, it is executing a task on a virtual machine. To perform this it needs to talk to vCenter Server and to talk to vCenter Server it uses vRealize Orchestrator.

Here is a simple overview of the communication that happens in this case. vRealize Automation is communicating to vRealize Orchestrator and vRealize Orchestrator is communicating to vCenter Server.

VMware vRealize Automation - vSphere Endpoint Communication
VMware vRealize Automation – vSphere Endpoint Communication

Error messages

The following error messages were found on the following systems:

vRealize Automation error message:

Error message: Failed to convert external resource Prod-Fin-00012.
Script action com.vmware.vcac.asd.mappings/mapToVCVM failed.

vRealize Orchestrator error message:

https://LAB-VC-A.Lab.local:443/sdk (unusable: java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken)

As you can see here vRealize Orchestrator has communication issues with VMware vCenter Server. This issue needs to be addressed for vRealize Automation.

Screenshots:



The Solution

After finding the vRealize Orchestrator vSphere endpoints in an error state it was clear that this was the issue. vRealize Orchestrator is not successfully communicating with vCenter Server so this needs to be addressed.

Procedure:

  1. Open the vRealize Orchestrator Client (https://%vro-node-fqdn%).
  2. Login with administrative credentials (example: administrator@vsphere.local).
  3. Navigate to the following location “Library > vCenter > Configuration“.
  4. Run the following workflow “Remove a vCenter Server instance” (screenshot 01 & screenshot 02).
  5. Run the following workflow “Add a vCenter Server instance” (screenshot 03 & screenshot 04).
  6. Validate the vRealize Orchestrator Endpoint Status (screenshots 05).
  7. Run the item in vRealize Automation again.
  8. Everything should be working again.

Screenshots:

Share this:

HPE Storage Controller Management (ssacli)

This time I decided to do a blog post about the HPE Smart Array RAID controllers with their wonderful ssacli tool. The tooling of HPE is very powerful because you can online manage a VMware ESXi host and migrate for example from a RAID 1 volume to a RAID 10 without downtime or change the read and write cache ratio.

So far as I know I haven’t seen an identical tool yet from the other server hardware vendors like Cisco, Dell EMC, IBM, and Supermicro. The main difference has always been that the HPE tool can perform the operation live without downtime. 

So far as I can remember it has been there for ages. It was already available for VMware ESX 4.0 and is still available in VMware ESXi 6.7. So thumbs-up for HPE :).

Let’s talk about controller support. The tool supports the most HPE SmartArray controllers over the last 10 to 15 years, for example, the Smart Array P400 was released in 2005 and is still working fine today.

Here is an overview of supported controllers:

  • HPE Smart Array P2XX
  • HPE Smart Array P4XX
  • HPE Smart Array P7XX
  • HPE Smart Array P8XX

HPE SSACLI – Location

In case you are using the HPE VMware ESXi custom images. The tool is already pre-installed when installing ESXi. The tool is installed as a VIB (vSphere Installable Bundle). This means it can also be updated with vSphere Update Manager.

Over the years the name of the HPE Storage Controller Tool has been changed and so has the location. Here is a list of locations that have been used for the last ten years for VMware ESXi:

# Location VMware ESXi 4.0/4.1/5.0
/opt/hp/hpacucli/bin/hpacucli

# Location VMware ESXi 5.1/5.5/6.0
/opt/hp/hpssacli/bin/hpssacli

# Location VMware ESXi 6.5/6.7
/opt/smartstorageadmin/ssacli/bin/ssacli


HPE SSACLI – Examples

I have collected some screenshots over the years. Screenshots were taken by doing maintenance on VMware ESXi servers. The give you an idea what valuable information can be shown.


HPE SSACLI – Abréviation

All commands have a short name to reduce the length of the total input provided to the ssacli tool:

### Shortnames:
- chassisname = ch
- controller = ctrl 
- logicaldrive = ld
- physicaldrive = pd 
- drivewritecache = dwc
- licensekey = lk

### Specify drives:
- A range of drives (one to three): 1E:1:1-1E:1:3
- Drives that are unassigned: allunassigned

HPE SSACLI – Status

To view the status of the controller, disks or volumes you can run all sorts of commands to get information about what is going on in your VMware ESXi server. The extensive detail is very useful for troubleshooting and gathering information about the system.

# Show - Controller Slot 1 Basic configuration
./ssacli ctrl slot=1 show config

# Show - Controller Slot 1 Detailed configuration
./ssacli ctrl slot=1 show config detail

# Show - Controller Slot 1 Status
./ssacli ctrl slot=1 show status

# Show - All Controllers Configuration
./ssacli ctrl all show config

# Show - Controller slot 1 logical drive 1 status
./ssacli ctrl slot=1 ld 1 show status

# Show - Basic Physical Disks status
./ssacli ctrl slot=1 pd all show status

# Show - Detailed Physical Disk status
./ssacli ctrl slot=1 pd all show status

HPE SSACLI – Creating

Creating a new logical drive can be done online with the HPE Smart Array controllers. I have displayed some basic examples.

# Create - New single disk volume
./ssacli ctrl slot=1 create type=ld drives=2I:0:8 raid=0 forced

# Create - New spare disk (two defined)
./ssacli ctrl slot=1 array all add spares=2I:1:6,2I:1:7

# Create - New RAID 1 volume
./ssacli ctrl slot=1 create type=ld drives=1I:0:1,1I:0:2 raid=1 forced

# Create - New RAID 5 volume
./ssacli ctrl slot=1 create type=ld drives=1I:0:1,1I:0:2,1I:0:3 raid=5 forced

HPE SSACLI – Adding drives to logical drive

Adding drives to an already created logical drive is possible with the following commands. You need to perform two actions: adding the drive(s) and expanding the logical drive. Keep in mind: make a backup before performing the procedure.

# Add - All unassigned drives to logical drive 1
./ssacli ctrl slot=1 ld 1 add drives=allunassigned

# Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
./ssacli ctrl slot=1 ld 2 modify size=max forced

HPE SSACLI – Rescan controller

To issue a controller rescan, you can run the following command. This can be interesting for when you add new drives in hot swap bays.

### Rescan all controllers
./ssacli rescan

HPE SSACLI – Drive Led Status

The LED status of the drives can also be controlled by the ssacli utility. An example is displayed below how to enable and disable a LED.

# Led - Activate LEDs on logical drive 2 disks
./ssacli ctrl slot=1 ld 2 modify led=on

# Led - Deactivate LEDs on logical drive 2 disks
./ssacli ctrl slot=1 ld 2 modify led=off

# Led - Activate LED on physical drive
ctrl slot=0 pd 1I:0:1 modify led=on

# Led - Deactivate LED on physical drive
ctrl slot=0 pd 1I:0:1 modify led=off


HPE SSACLI – Modify Cache Ratio

Modify the cache ratio on a running system can be interesting for troubleshooting and performance beanchmarking.

# Show - Cache Ratio Status
./ssacli ctrl slot=1 modify cacheratio=?

# Modify - Cache Ratio read: 50% / write: 50%
./ssacli ctrl slot=1 modify cacheratio=50/50

# Modify - Cache Ratio read: 0% / Write: 100%
./ssacli ctrl slot=1 modify cacheratio=0/100


HPE SSACLI – Modify Write Cache

Changing the write cache settings on the storage controller can be done with the following commands:

# Show - Write Cache Status
./ssacli ctrl slot=1 modify dwc=?

# Modify - Enable Write Cache on controller
./ssacli ctrl slot=1 modify dwc=enable forced

# Modify - Disable Write Cache on controller
./ssacli ctrl slot=1 modify dwc=disable forced

# Show - Write Cache Logicaldrive Status
./ssacli ctrl slot=1 logicaldrive 1 modify aa=?

# Modify - Enable Write Cache on Logicaldrive 1
./ssacli ctrl slot=1 logicaldrive 1 modify aa=enable

# Modify - Disable Write Cache on Logicaldrive 1
./ssacli ctrl slot=1 logicaldrive 1 modify aa=disable

HPE SSACLI – Modify Rebuild Priority

Viewing or changing the rebuild priority can be done on the fly. Even when the rebuild is already active. Used it myself a couple of times to lower the impact on production.

# Show - Rebuild Priority Status
./ssacli ctrl slot=1 modify rp=?

# Modify - Set rebuildpriority to Low
./ssacli ctrl slot=1 modify rebuildpriority=low

# Modify - Set rebuildpriority to Medium
./ssacli ctrl slot=1 modify rebuildpriority=medium

# Modify - Set rebuildpriority to High
./ssacli ctrl slot=1 modify rebuildpriority=high

HPE SSACLI – Modify SSD Smart Path

You can modify the HPE SDD Smart Path feature by disabling or enabling. To make clear what the HPE SDD Smart Path includes, here is a official statement by HPE: 

“HP SmartCache feature is a controller-based read and write caching solution that caches the most frequently accessed data (“hot” data) onto lower latency SSDs to dynamically accelerate application workloads. This can be implemented on direct-attached storage and SAN storage.”

For example, when running VMware vSAN SSD Smart Path must be disabled for better performance. In some cases worse the entire vSAN disk group fails.

# Modify - Enable SSD Smart Path
./ssacli ctrl slot=1 array a modify ssdsmartpath=enable

# Modify - Disable SSD Smart Path
./ssacli ctrl slot=1 array a modify ssdsmartpath=disable

HPE SSACLI – Delete Logical Drive

Deleting a logical drive on the HPE Smart Array controller can be done with the following commands.

# Delete - Logical Drive 1
./ssacli ctrl slot=1 ld 1 delete

# Delete - Logical Drive 2
./ssacli ctrl slot=1 ld 2 delete

HPE SSACLI – Erasing Physical Drives

In some cases, you need to erase a physical drive. This can be performed with multiple erasing options. Also, you can stop the process.

Erase patterns available:

  • Default
  • Zero
  • Random_zero
  • Random_random_zero
# Erase physical drive with default erasepattern
./ssacli ctrl slot=1 pd 2I:1:1 modify erase

# Erase physical drive with zero erasepattern
./ssacli ctrl slot=1 pd 2I:1:1 modify erase erasepattern=zero

# Erase physical drive with random zero erasepattern
./ssacli ctrl slot=1 pd 1E:1:1-1E:1:3 modify erase erasepattern=random_zero

# Erase physical drive with random random zero erasepattern
./ssacli ctrl slot=1 pd 1E:1:1-1E:1:3 modify erase erasepattern=random_random_zero

# Stop the erasing process on phsyical drive 1E:1:1
./ssacli ctrl slot=1 pd 1E:1:1 modify stoperase

HPE SSACLI – License key

In some cases a licence key needs to be installed on the SmartArray storage controller to enable the advanced features. This can be done with the following command:

# License key installation
./ssacli ctrl slot=1 licensekey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

# License key removal
./ssacli ctrl slot=5 lk XXXXXXXXXXXXXXXXXXXXXXXXX delete 

Related sources

A couple of interesting links related to the HPE Storage Controller tool for VMware ESXi:

Share this:

Changing VMware Storage Controller to Paravirtual for CentOS 7

In this post, we are going to change the Virtual Storage Controller from LSI Logic Parallel to VMware Paravirtual for a CentOS 7 based Virtual Machine that is running on VMware vSphere. This blog post will contain step by step guidance for performing the operation.

In my case the virtual machine was build in VMware Workstation and after some time migrated to VMware ESXi. The VMware Paravirtual Storage Controller is not supported in VMware Workstation. That is why the virtual machine came over with the “wrong” storage controller.

My 24×7 Lab environment is running shared iSCSI based storage and all virtual machines are thin provisioned. The Virtual Machine that came over from VMware Workstation is installed with CentOS 7.

Why VMware Paravirtual?

Why should you want to migrate from an LSI Logic Parallel to a VMware Paravirtual SCSI Controller? Two simple reasons and it are two good ones:

  • Lower CPU utilization
  • Higher Throughput

Personally, I have a third reason to add… compliance. All my virtual machines should be compliant with the VMware Best Practice and my personal Home Lab standard. In my Lab environment, this means using the VMware Paravirtual where ever possible/supported.

VMware Official Statement 1:

PVSCSI adapters are high-performance storage adapters that can result in greater throughput and lower CPU utilization. PVSCSI adapters are best for environments, especially SAN environments, where hardware or applications drive a very high amount of I/O throughput. The VMware PVSCSI adapter driver is also compatible with the Windows Storport storage driver. PVSCSI adapters are not suitable for DAS environments.VMware Paravirtual SCSI adapters are high-performance storage adapters that can result in greater throughput and lower CPU utilization.

VMware Official Statement 2:

The PVSCSI adapter offers a significant reduction in CPU utilization as well as potentially increased throughput compared to the default virtual storage adapters, and is thus the best choice for environments with very I/O-intensive guest applications.



Procedure

The most important step in the process is to make sure you have a valid backup! After that, it is just following the steps described below:

  • Create a virtual machine snapshot or backup before you begin.
  • Power-off the virtual machine.
  • Add the VMware Paravirtual Controller to the Virtual Machine. Do not change the disk controller assignment yet, only add the storage controller to the VM (screenshot 01).
  • Power-on the virtual machine.
  • Login with an account on the virtual machine (account must be able to obtain root access).
  • Start rebuilding the initial ramdisk image (screenshot 02):
    mkinitrd -f -v /boot/initramfs-$(uname -r).img $(uname -r)
  • Power-off the virtual machine.
  • Assign disks to the new storage controller and remove the old storage controller (screenshot 03).
  • Power-on the virtual machine.
  • Validate that everything is working and disks are mounted (screenshot 04).
  • Remove the virtual machine snapshot or backup after you are done.

Screenshots

Conclusion

At this point, I have swapped out three virtual machines from the LSI controller to the VMware Paravirtual SCSI Controller. The machines have been running now for about two weeks without any problems. So everything is compliant again ;).

If you encounter any problems or have any question about this subject please feel free to contact me on Twitter or the Reply option below.



Source

Here are some interesting related articles that I used for creating this blog post:

Share this:

Deployment of VMware vCenter Server 6.7 Update 1

In this blog post, we are going to deploy VMware vCenter 6.7 Update 1 in my Lab environment. The deployment is fully covered with all the additional notes required to perform a successful installation, migration or upgrade. I also added some guidelines for designing your environment.

Now that vSphere 6.7 Update 1 is available since the announcement on VMworld 2018 US, it is a good time to start looking at vSphere 6.7 instead of vSphere 6.5.

Why should you look at vSphere 6.7 you might ask? vSphere 6.5 is still running like a charm! Yes you are correct but… there are a couple of items to consider:

If you are familiar with the VMware vCenter 6.5 graphical deployment it has been improved in VMware vCenter 6.7. In the past it was a web-based wizard, with 6.7 it is a binary executable. This means a lot faster and better-responding interface and it removes the browser dependency and browser plug-in on your workstation.



Checklist

The checklist items can be verified, days or hours before the initial deployment. If you don’t have a plan before installing, migrating or upgrading things will turn out ugly…

With the checklist, you can determine if your environment is ready for vSphere 6.7 Update 1. It’s about checking and validation your current software and hardware and talking to your vendors about compatibility.

I have also added some design decision ideas. Because you can choose to install, upgrade or migrate without looking at your current architecture but maybe it is time to update your current architecture (design).

  • Make sure that all connected/used VMware products are compatible like (vRealize Automation / vRealize Orchestrator / vRealize Operations Manager / VMware Horizon and the list goes on). This can be verified on the VMware Product Interoperability Matrices page.
  • Make sure that all third-party products are compatible like (Backup & Replication software / Storage vendor software).
  • Determine the correct sizing for your environment. How many virtual machines and ESXi Hosts are going to be running underneath this vCenter Server. These figures determine your vCenter Server size.
  • An embedded Platform Services Controller (PSC) is the way to go in the future. An external Platform Services Controller will not be available anymore in the future.
  • Where is Windows? Please read this article from more than one year ago. Please do not deploy a vCenter Server on Windows. This is a thing of the past.
  • Verify the Hardware Requirements for the vCenter Appliance (depending on your chosen size and internal or external PSC).
  • Do you deploy against an ESXi Host or a vCenter Server?
  • Is your ESXi host hardware compatible with vSphere 6.7 Update 1?

Preparation

The checklist is completed and you have determined that everything is working or is acceptable to continue. Let’s start with some basic stuff that is required:

  • Read the release notes (VMware vCenter Server 6.7 Update 1 Release Notes).
  • Download the latest release from the VMware website.
  • Create firewall rules for your new vCenter Server.
  • Create forward and reverse DNS records in your DNS Server.
  • Register your IP information in your IPAM system.
  • Save your passwords in your Password Management system (Appliance password / SSO password).
  • Have a workstation ready to perform the deployment with sufficient network access and administrative rights.

Deployment

Let’s start the deployment of VMware vCenter 6.7 Update 1. I have chosen for a clean installation of VMware vCenter 6.7 Update 1. I have chosen for an embedded Platform Services Controller (PSC). Based on my total amount of virtual machines and ESXi Hosts I have selected a “Small” installation footprint.

The new deployment process for vCenter Server 6.7 Update 1 consists out of two stages, one is the deployment stage and one is the setup stage.

The first part is mainly responsible for delivering the full appliance with the operation system, network settings, and installation application bundles. The second part is configuring the applications that are running on the vCenter Server. A total installation takes about 45 minutes to complete.

Procedure:

  1. Mount the vCenter Server media (iso file).
  2. Navigate to the following path “X:\vcsa-ui-installer\win32\” (X stands for the CD-ROM drive label).
  3. Run the following application “installer.exe“.
  4. Follow the wizard, I have uploadedall screenshots for reference.

Stage 01 – Deployment

Here are the images of the first stage of the deployment of VMware vCenter 6.7 Update 1. I have no issues to report everything was working fine on the first try!

Stage 02 – Setup

Here are the images of the second stage of the deployment of VMware vCenter 6.7 Update 1. This part was also bug-free, so it was a good deployment.



Configuration

After a successful deployment of the VCSA appliance, you need to configure at least some items to get vCenter Server production ready. The items listed below are a basic set of the most common items I see in the field:

  • Install the vCenter Server License.
  • Active Directory.
  • Assign rights & permissions.
  • Generate and installation of SSL Certificates.
  • Connect the required VMware products and third-party systems.
  • Create a datacenter object.
  • Create a cluster object.
  • Create a distributed switch.
  • Join ESXi Hosts to the newly created cluster.

Lab Environment

So how does my Lab environment look like?

  • VMware vCenter 6.5.0 Update 2. The target for the vCenter 6.7.0 Update 1 deployment.
  • VMware ESXi 6.5.0 Update 2 in the 24×7 environment. Known as the production cluster.
  • VMware ESXi 6.5.0 Update 2 in the Lab environment. Known as the lab cluster.

You might ask… why don’t you upgrade the current vCenter Server? Good question! The machine has been converted/upgraded multiple times. It started out in life as a VMware vCenter 5.5 machine, that was on the Windows Server 2012 platform. So it was a good moment to start clean after this many years.

Share this:

VMworld 2018 US Announcements

VMworld 2018 US - Featured Images

This blog post is dedicated to the VMworld 2018 US announcements. In the post, you will find the articles, links and highlights. VMworld 2018 US is an event that is organized by VMware. The US version is a five-day event that is held in Las Vegas. It takes place from 26 August to 30 August 2018. This page will be updated multiple times to coming days to add additional information and the latest announcements.

Please reply underneath this blog post if you have some additional information. This can also be additional links or blogs posts.

VMworld 2018 US – Product Announcements

In this chapter are all the product announcements. I can tell you there are a lot of announcements made at VMworld 2018.

vRealize Automation (vRA) 7.5

One the first day of VMworld 2018 US vRealize Automation 7.5 was announced.

The key highlights are:

  • Easy to Operate
    • Modernized vRealize Automation/vRealize Orchestrator(vRO) UI
    • Closed Loop Optimization with vRealize Operations
    • Enterprise-ready ServiceNow plugin
    • NSX-T On-premises Support
  • Built to Support Developers
    • Configuration Management with Ansible Tower
    • Kubernetes Cluster Management with VMware Pivotal Container Services (PKS)
  • Helps Embrace Multi-Cloud
    • AWS Enhancements
    • Azure Enhancements
    • Google Cloud Enhancements

Links:



vRealize Operations Manager (vROPS) 7.0

On the first day of VMworld 2018 US vRealize Operations Manager 7.0 was announced.

The key highlight are:

  • Enhanced User Interface
  • Automating Performance Based on Business and Operational Intent
  • Automated Host Based Placement, Driven by Business Intent
  • Capacity Analytics Enhanced with Exponential Decay and Calendar Awareness
  • Plan Capacity across Private Cloud and VMware Cloud on AWS
  • Simplified Dashboard Creation and Sharing
  • vRealize Operations AWS Management Pack Update
  • Other Miscellaneous Enhancements
    • Workload Right-sizing to avoid performance bottlenecks and reclaim over-allocated resources
    • Built-in vSphere config & compliance: PCI, HIPAA, DISA, FISMA, ISO, CIS
    • Ability to extend to the entire data center and cloud with updated management packs for Storage, vRO, Kubernetes, Federation etc.
    • vSAN performance, capacity, and troubleshooting including support for stretched clusters and through vRealize Operations plug-in in vCenter
    • Wavefront integration for application operations

Links:


vRealize Log Insight (vRLI) 4.7

On the first day of VMworld 2018 US vRealize Log Insight 4.7 was announced.

The key highlights are:

  • Security Improvements
    • Detailed verification of certificate when adding it to vRLI both from UI and REST API
    • Ability to retrieve current certificate details both from UI and REST API
    • LIAGENT_SSL_CA_PATH environment variable
  • Usability Enhancements
    • vCenter Integration now relies on user-provided hostname instead of trying to resolve it
    • Ability to choose the content packs, the fields of which should be dynamically extracted in the query result in Interactive Analytics
    • Improvements in the REST API
    • UI/UX improvements and bug fixes

Links:


vRealize Network Insight (vRNI) 3.9

On the first day of VMworld 2018 US vRealize Network Insight 3.9 was announced.

The key highlights are:

  • Plan micro-segmentation and get visibility for NSX Data Center, including NSX-T
  • Enhanced security for service access with Multi-factor Authentication
  • Custom dashboard support for Cisco ASA firewall and enhancements to Checkpoint Firewall support
  • Many customers are now using VMware Network Insight as a service, and customers based in Europe now also have the option of using the VMware Network Insight service hosted out of London, UK.

Links:


vCloud Director (vCD) 9.5

Just a couple of days before VMworld 2018 US vCloud Director 9.5 was announced:

The key highlights are:

  • Cross-site networking improvements powered by deeper integration with NSX
  • Initial integration with NSX-T
  • Full transition to an HTML5 UI for the cloud consumer
  • Improvements to role-based access control
  • Natively integrated data protection capabilities, powered by Dell-EMC Avamar
  • vCD virtual appliance deployment model

Links:


vSphere Platinum

On the first day of VMworld 2018 US, a new vSphere edition was announced. The product is called vSphere Platinum and it has a tight integration with VMware AppDefense.

The key highlights are:

  • Benefits for vSphere Admins
    • Gain visibility into the intent of each virtual machine, and a detailed inventory of application assets and context.
    • Understand how applications behave and be alerted to potential issues and deviations.
    • Shrink the attack surface and reduce the risk of security compromise.
      Establish a simple and powerful way to collaborate with security, compliance and application teams.
    • Get better visibility and protection with a simple, light-weight and scalable security solution, with no agents to manage, and minimal overhead.
    • Use what you already own, understand, and run in your data center – vSphere – with its unique visibility, automation and isolation qualities.
    • Play a larger and critical role in the security of your entire IT environment – Be the Security Hero!
  • Benefits for Security Teams
    • Better visibility and situational awareness of application behaviours, and virtual machine purpose.
    • Faster detection, analysis, and time to response – quickly understand attacks and make fast decisions using application context and scope.
    • Enhance existing security tools and support compliance efforts through contextual visibility and alerts into application communications and deviations.
    • Lower false positives – integrated behavioural analytics and machine learning offer a more precise method to identify and respond to threats.
    • Big data correlation for better identification and context using cloud SaaS model.
    • Security as an agile business enabler – support DevOps environment through continuous learning and protection.
    • Easily Coordinate with vSphere Admins and Application teams for better security while respecting existing workflows & maintaining separation of duties.
  • Secure Applications
    • VMware AppDefense – Protects the integrity of applications running on vSphere, using machine learning to monitor against threats and automate responses. AppDefense locks down the guest operating system for all applications, the VMware application stack and third-party applications.  To accomplish this, AppDefense gathers inventory data on virtual machines and applications from vCenter Server, development tools, and automation frameworks and applies machine learning to discover the intended state and establish the known good behaviours for the application and machine.  Any deviations from this state are detected and prevented, securing the integrity of the applications, infrastructure, and guest operating system. AppDefense provides detailed visibility for better change management and compliance reporting and also provides a rich set of automated or orchestrated incident response mechanisms to address attacks. Moreover, it leverages machine learning for a simple and automated way to conduct audits and reviews for applications.
  • Secure Data
    • FIPS 140-2 Validated VM Encryption, and cross-vCenter Encrypted vMotion – Secure against unauthorized data access both at rest and in motion, across the hybrid cloud.
      Secure Infrastructure
    • Secure Boot for ESXi – Allows only VMware and Partner signed code to run in your hypervisor.
      Secure Boot for Virtual Machines – Helps prevent images from being tampered with and prevents the loading of unauthorized components.
    • Support for TPM 2.0 for ESXi – Enables hypervisor integrity by validating the Secure Boot for ESXi process and enables remote host attestation.
    • Virtual TPM 2.0 – Provides the necessary support for guest operating system security features while retaining operational features such as vMotion and disaster recovery.
    • Support for Microsoft Virtualization Based Security – Supports Windows 10 and Windows 2016 security features, like Credential Guard, on vSphere.
  • Secure Access
    • Audit Quality Logging – Enables authorized administration and control by providing high fidelity visibility in vSphere operations.

Links:


vSphere 6.7 Update 1

On the first day of VMworld 2018 US vSphere 6.7 Update 1 was announced.

The key highlights are:

  • Fully Featured HTML5-based vSphere Client
  • Enhanced support for NVIDIA Quadro vDWS powered VMs; and Support for Intel FPGA
  • New vCenter Server Convergence Tool
  • Enhancements for HCI and vSAN
  • Enhanced vSphere Content Library

Links:


vSAN 6.7 Update 1

On the first day of VMworld 2018 US vSAN 6.7 Update 1 was announced.

The key highlights are:

  • Simplified Operations
    • Cluster Quickstart
    • Driver & Firmware Updates using Update Manager
    • Decommissioning and Maintenance Mode Safeguards in vSAN 6.7 U1
    • More vRealize Operations Intelligence
    • Improved Capacity Reporting
  • Efficient Infrastructure
    • TRIM/UNMAP Support
    • Mixed MTU Support for 2 Node and Stretched Clusters
    • Updated Sizing Tools
  • Rapid Support Resolution
    • Improved Health Check Guidance
    • Enhanced Support Diagnostics

Links:


VMware Validated Design 4.3

Also, the VMware Validated Design (VVD) received some new features and changes to the documentation. Personally, the greatest value in this release is the Visio stencils that are available for everyone.

The key highlights are:

  • Official NSX-T Support
  • Documentation Updates
    • IT Automating IT Scenarios
    • Intelligent Operations Scenarios
    • Introduction to Security and Compliance
    • Operational Verification
    • Certificate Replacement for 2-pod
    • Certificate Replacement for 1-pod
  • Architecture and Design of VMware PKS for Workload Domains
  • Design and Deployment of VMware Skyline
  • Architecture and Design Guidance for NIST 800-53
  • VVD Diagrams and Stencils

Links:


VMworld 2018 US – Technical Previews & Projects

There were also a lot of announcements surrounding some new developments/projects.

Project list:

  • Project Concord – Project Concord uses Byzantine fault-tolerant consensus protocols to deliver a functioning distributed trust system: one that is both “safe” and “alive.” Concord is a generic state machine replication library that can handle malicious (Byzantine) replicas.
  • Project Dimension – Project Dimension will extend VMware Cloud to deliver SDDC infrastructure and hardware as-a-service to on-premises locations.
  • Project Magna – Project Magna will make possible a self-driving data center based on machine learning.
  • RDS on VMware – VMware demonstrated how Amazon Web Service’s RDS service will run on VMware in a private data center, thus offering developers a familiar RDS Functionality available on VMware in a private data center or at the Edge.
  • Virtualization on 64-bit ARM for Edge – VMware demonstrated ESXi on 64-bit ARM running on a windmill farm at the Edge.

Links:


VMworld 2018 US – ITQ Blogs 

Here is a list of ITQ blogs with additional VMworld 2018 US content:


VMworld 2018 US – Keynotes

There are already some recordings available of the keynotes. These can be found on YouTube with the following links:


VMworld 2018 US – Recordings

Just like every year, William Lam from the website virtuallyGhetto creates a GIT repository with all the VMworld sessions. For each session, a recording and presentation are provided. It will probably be a couple of days till weeks until all sessions become available.

Share this:

Opening vSphere Web Client (Flash) on Windows Server 2016

Share this:

The VM Remote Console changed to VMware Workstation instead of VMRC

Lately, I discovered an annoying feature in combination with VMware vCenter and VMware Workstation. When installing VMware Workstation on your management computer it becomes the default Remote Console viewer. To be honest, I like the VMware Remote Console (VMRC) very much. The application has all the features and is quick and light. This compared to starting VMware Workstation to open a Remote Console.

What is VMware Remote Console: “The VMware Remote Console (VMRC) is a standalone console application for Windows. VMware Remote Console provides console access and client device connection to VMs on a remote host. You will need to download this installer before you can launch the external VMRC application directly from a VMware vSphere or vRealize Automation web client.”

In October 2017, I already fixed my problem on my management computer… but after a recent VMware Workstation update, it changed the Remote Console back to VMware Workstation. Currently, there is no option in the GUI to change the default Remote Console. Ok, but how do we get VMRC back?

When I was comparing the Windows Registry, I found out that the following registry keys were different between machines. To speed up to process I created some PowerShell one-liners to fix the problem.

### View settings in registry
Get-Item HKLM:\SOFTWARE\Classes\vmrc\DefaultIconGet-Item HKLM:\SOFTWARE\Classes\vmrc\shell\open\command

### Change settings to VMRC
Set-Item HKLM:\SOFTWARE\Classes\vmrc\DefaultIcon -Value '"C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe",0'
Set-Item HKLM:\SOFTWARE\Classes\vmrc\shell\open\command -Value '"C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe" "%1"'

When you change the registry keys, the settings are direct in effect. No Operating System reboot or browser restart is required. The change is instant. I hope the blog post helps some vSphere Administrators that also prefer VMRC above VMware Workstation for viewing Remote Consoles.

@VMware: I would like to have an option to control the behaviour without changing registry keys by hand… 🙂 Thanks!



Environment

The issues occurred with the following combination of software:

  • VMware vCenter Server 6.5 (Update 1e)
  • VMware VMRC (10.0.2-7096020)
  • VMware Workstation (12.5.9 build-7535481)
  • Management Workstation: Windows 10 X64

VMRC Screenshots

Some screenshots that display the changes when opening the Remote Console of a Virtual Machine in VMware vCenter.

Share this:

Automated installation with VMware ESXi 5.5/6.0/6.5

In this blog post, we are going to automate the installation of VMware ESXi 5.5, 6.0 and 6.5. This can be done with a so-called “kickstart” configuration file which is officially supported by VMware. The file contains the configuration for a VMware ESXi Host to configure settings like IP address, subnet mask, hostname, license key, datastore, etc.

The kickstart configuration file can be made available in the following locations:

  • FTP
  • HTTP/HTTPS
  • NFS Share
  • USB flash drive
  • CD/DVD device

Personally, I prefer to use the HTTP protocol.



Use Case

You might ask yourself, why should I install an ESXi Host with a kickstart file? Some of the use cases I identified over the years are:

  • The very first ESXi Hosts for your SDDC environment (before VMware vCenter is deployed or vSphere Auto Deploy is configured).
  • A standalone ESXi Host for a small environment.
  • A Home Lab environment to install nested VMware ESXi Hosts.

Setup a web server

To make the kickstart configuration file available for the ESXi host we need a web server. Basically, every web server available on the market can serve this file. Here is a list of web server products that I have used: Apache, Microsoft IIS and NGINX.

In this environment/example I used a Microsoft IIS server on a Windows 10 Client. Do not forget to add the cfg extension to the MIME types.

Configuration file

Now it’s time to create a text file with your favourite text editor. The text file in this example is called (ks.cfg). I have added two configuration files as samples, one with the minimum settings and one I normally use for my Lab environment.

Configuration file – Simple (ks.cfg)

This is a default ks.cfg configuration file with just the minimum of settings required.

#
# Sample scripted installation file
#
 
# Accept the VMware End User License Agreement
vmaccepteula
 
# Set the root password for the DCUI and Tech Support Mode
rootpw mypassword
 
# The install media is in the CD-ROM drive
install --firstdisk --overwritevmfs
 
# Set the network to DHCP on the first network adapter
network --bootproto=dhcp --device=vmnic0
 
# A sample post-install script
%post --interpreter=python --ignorefailure=true
import time
stampFile = open('/finished.stamp', mode='w')
stampFile.write( time.asctime() )

Configuration file – Advanced (ks.cfg)

This is the more advanced version of the configuration file that also configures a lot of other settings like NTP servers, search domain, CEIP and a static IP address for the management interface.

### ESXi Installation Script
### Hostname: LAB-ESXi01A
### Author: M. Buijs
### Date: 2017-08-11
### Tested with: ESXi 6.0 and ESXi 6.5
 
##### Stage 01 - Pre installation:
 
    ### Accept the VMware End User License Agreement
    vmaccepteula
 
    ### Set the root password for the DCUI and Tech Support Mode
    rootpw VMware1!
 
    ### The install media (priority: local / remote / USB)
    install --firstdisk=local --overwritevmfs --novmfsondisk
 
    ### Set the network to DHCP on the first network adapter
    network --bootproto=static --device=vmnic0 --ip=192.168.151.101 --netmask=255.255.255.0 --gateway=192.168.151.254 --nameserver=192.168.126.21,192.168.151.254 --hostname=LAB-ESXi01A.lab.local --addvmportgroup=0
 
    ### Reboot ESXi Host
    reboot --noeject
 
##### Stage 02 - Post installation:
 
    ### Open busybox and launch commands
    %firstboot --interpreter=busybox
 
    ### Set Search Domain
    esxcli network ip dns search add --domain=lab.local
 
    ### Add second NIC to vSwitch0
    esxcli network vswitch standard uplink add --uplink-name=vmnic1 --vswitch-name=vSwitch0
 
    ###  Disable IPv6 support (reboot is required)
    esxcli network ip set --ipv6-enabled=false
 
    ### Add NTP Server addresses
    echo "server 192.168.126.21" >> /etc/ntp.conf;
    echo "server 192.168.151.254" >> /etc/ntp.conf;
 
    ### Allow NTP through firewall
    esxcfg-firewall -e ntpClient
 
    ### Enable NTP autostartup
    /sbin/chkconfig ntpd on;
 
    ### Rename local datastore (currently disabled because of --novmfsondisk)
    #vim-cmd hostsvc/datastore/rename datastore1 "DAS - $(hostname -s)"
 
    ### Disable CEIP
    esxcli system settings advanced set -o /UserVars/HostClientCEIPOptIn -i 2
 
    ### Enable maintaince mode
    esxcli system maintenanceMode set -e true
 
    ### Reboot
    esxcli system shutdown reboot -d 15 -r "rebooting after ESXi host configuration"


Installing an ESXi Host with Kickstart file

The following procedure needs to be performed to boot from a kickstart file:

  1. Boot the ESXi host with a VMware ESXi ISO (ISO file can be obtained from the VMware download page).
  2. Press the key combination “shift + o” at boot.
  3. Enter one of the following lines after runweasel:
    • For an HTTP share: ks=http://%IP_or_FQDN%/kg.cfg
    • For an HTTPs share: ks=https://%IP_or_FQDN%/kg.cfg
    • For a NFS share: ks=nfs://%IP_or_FQDN%/ks.cfg
  4. The installation will start and use the kickstart configuration file (ks.cfg).
  5. After the installation is complete the ESXi Host will reboot.

Screenshots

HTTP Path to ks.cfg file on webserver
HTTP Path to ks.cfg file on webserver
ESXi Host is downloading/reading file from HTTP mirror
ESXi Host is downloading/reading file from HTTP mirror

Article updates:

  • 2018-10-04 – This article has been updated.
  • 2018-11-16 – Code blocks were not displaying correctly.

Share this: