Lately, I encountered some issues related to VMware vSAN in my Lab environment. The error message that was popping up all the time was “PBM error occurred during PreCloneCheckCallback“.
So how did the problem occur? First, we start with some background information. My Lab environment is powered-on when needed and powered-off when not needed. This is, of course, a little bit different than a production 24×7 environment that you have in your datacenters worldwide.
The environment was booted successfully at first glance. We are talking about Domain Controllers, vCenter Server, VMware NSX-V, nested ESXi Hosts and vRealize Automation. When I started deploying virtual machines with a vRealize Automation (vRA) based on blueprints with vSphere Templates issues started to occur.
vRealize Automation was failing on the provisioning task and was cleaning up the deployment because of the failed state (default behavior). So it was time to dig into the underlying infrastructure.
When the issue occurred the following software versions were used in my lab environment:
VMware vCenter 6.5 Update 2B
VMware vRealize Automation 7.3.1
VMware ESXi 6.5 Update 2
VMware vSAN 6.6
Here is all the information that can be found in various locations surrounding the issue.
Error message: Screenshots
Here are the screenshots, the first one is from VMware vCenter and the second one is from vRealize Automation. As you can see there is clearly a problem.
Error message: vRealize Automation
Here is the vRealize Automation log entry related to the VMware vSAN issue:
Error in Execute DynamicOps.Common.Client.HtmlResponseException: Service Unavailable (503)
Error message: vCenter Server
Here is the VMware vCenter log entry related to the VMware vSAN issue:
A general system error occurred - PBM error occurred during PreCloneCheckCallback (2118557)
The solution is quick but is more like a quick fix because it comes back every time I start up my lab environment.
Open a web browser.
Navigate to your vCenter Server URL (https://%vc%/vsphere-client).
Login with a user that has administrator credentials (firstname.lastname@example.org).
Navigate to Hosts & Clusters > Select the vCenter Object.
Click on the Configure tab.
Click on the Storage Providers.
Click on the following two buttons:
Synchronizes all Storage Providers with the current state of the environment.
Rescan the storage provider for new storage systems and storage capabilities.
After pressing the buttons, you don’t see any tasks running on the vCenter Server (expected behavior). After 5 seconds everything should be working and provisioning should be possible.
This time I decided to do a blog post about the HPE Smart Array RAID controllers with their wonderful ssacli tool. The tooling of HPE is very powerful because you can online manage a VMware ESXi host and migrate for example from a RAID 1 volume to a RAID 10 without downtime or change the read and write cache ratio.
So far as I know I haven’t seen an identical tool yet from the other server hardware vendors like Cisco, Dell EMC, IBM, and Supermicro. The main difference has always been that the HPE tool can perform the operation live without downtime.
So far as I can remember it has been there for ages. It was already available for VMware ESX 4.0 and is still available in VMware ESXi 6.7. So thumbs-up for HPE :).
Let’s talk about controller support. The tool supports the most HPE SmartArray controllers over the last 10 to 15 years, for example, the Smart Array P400 was released in 2005 and is still working fine today.
Here is an overview of supported controllers:
HPE Smart Array P2XX
HPE Smart Array P4XX
HPE Smart Array P7XX
HPE Smart Array P8XX
HPE SSACLI – Location
In case you are using the HPE VMware ESXi custom images. The tool is already pre-installed when installing ESXi. The tool is installed as a VIB (vSphere Installable Bundle). This means it can also be updated with vSphere Update Manager.
Over the years the name of the HPE Storage Controller Tool has been changed and so has the location. Here is a list of locations that have been used for the last ten years for VMware ESXi:
I have collected some screenshots over the years. Screenshots were taken by doing maintenance on VMware ESXi servers. The give you an idea what valuable information can be shown.
HPE SSACLI – Abréviation
All commands have a short name to reduce the length of the total input provided to the ssacli tool:
- chassisname = ch
- controller = ctrl
- logicaldrive = ld
- physicaldrive = pd
- drivewritecache = dwc
- licensekey = lk
### Specify drives:
- A range of drives (one to three): 1E:1:1-1E:1:3
- Drives that are unassigned: allunassigned
HPE SSACLI – Status
To view the status of the controller, disks or volumes you can run all sorts of commands to get information about what is going on in your VMware ESXi server. The extensive detail is very useful for troubleshooting and gathering information about the system.
# Show - Controller Slot 1 Basic configuration
./ssacli ctrl slot=1 show config
# Show - Controller Slot 1 Detailed configuration
./ssacli ctrl slot=1 show config detail
# Show - Controller Slot 1 Status
./ssacli ctrl slot=1 show status
# Show - All Controllers Configuration
./ssacli ctrl all show config
# Show - Controller slot 1 logical drive 1 status
./ssacli ctrl slot=1 ld 1 show status
# Show - Basic Physical Disks status
./ssacli ctrl slot=1 pd all show status
# Show - Detailed Physical Disk status
./ssacli ctrl slot=1 pd all show status
HPE SSACLI – Creating
Creating a new logical drive can be done online with the HPE Smart Array controllers. I have displayed some basic examples.
# Create - New single disk volume
./ssacli ctrl slot=1 create type=ld drives=2I:0:8 raid=0 forced
# Create - New spare disk (two defined)
./ssacli ctrl slot=1 array all add spares=2I:1:6,2I:1:7
# Create - New RAID 1 volume
./ssacli ctrl slot=1 create type=ld drives=1I:0:1,1I:0:2 raid=1 forced
# Create - New RAID 5 volume
./ssacli ctrl slot=1 create type=ld drives=1I:0:1,1I:0:2,1I:0:3 raid=5 forced
HPE SSACLI – Adding drives to logical drive
Adding drives to an already created logical drive is possible with the following commands. You need to perform two actions: adding the drive(s) and expanding the logical drive. Keep in mind: make a backup before performing the procedure.
# Add - All unassigned drives to logical drive 1
./ssacli ctrl slot=1 ld 1 add drives=allunassigned
# Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
./ssacli ctrl slot=1 ld 2 modify size=max forced
HPE SSACLI – Rescan controller
To issue a controller rescan, you can run the following command. This can be interesting for when you add new drives in hot swap bays.
### Rescan all controllers
HPE SSACLI – Drive Led Status
The LED status of the drives can also be controlled by the ssacli utility. An example is displayed below how to enable and disable a LED.
# Led - Activate LEDs on logical drive 2 disks
./ssacli ctrl slot=1 ld 2 modify led=on
# Led - Deactivate LEDs on logical drive 2 disks
./ssacli ctrl slot=1 ld 2 modify led=off
# Led - Activate LED on physical drive
ctrl slot=0 pd 1I:0:1 modify led=on
# Led - Deactivate LED on physical drive
ctrl slot=0 pd 1I:0:1 modify led=off
HPE SSACLI – Modify Cache Ratio
Modify the cache ratio on a running system can be interesting for troubleshooting and performance beanchmarking.
# Show - Cache Ratio Status
./ssacli ctrl slot=1 modify cacheratio=?
# Modify - Cache Ratio read: 50% / write: 50%
./ssacli ctrl slot=1 modify cacheratio=50/50
# Modify - Cache Ratio read: 0% / Write: 100%
./ssacli ctrl slot=1 modify cacheratio=0/100
HPE SSACLI – Modify Write Cache
Changing the write cache settings on the storage controller can be done with the following commands:
Viewing or changing the rebuild priority can be done on the fly. Even when the rebuild is already active. Used it myself a couple of times to lower the impact on production.
# Show - Rebuild Priority Status
./ssacli ctrl slot=1 modify rp=?
# Modify - Set rebuildpriority to Low
./ssacli ctrl slot=1 modify rebuildpriority=low
# Modify - Set rebuildpriority to Medium
./ssacli ctrl slot=1 modify rebuildpriority=medium
# Modify - Set rebuildpriority to High
./ssacli ctrl slot=1 modify rebuildpriority=high
HPE SSACLI – Modify SSD Smart Path
You can modify the HPE SDD Smart Path feature by disabling or enabling. To make clear what the HPE SDD Smart Path includes, here is a officialstatement by HPE:
“HP SmartCache feature is a controller-based read and write caching solution that caches the most frequently accessed data (“hot” data) onto lower latency SSDs to dynamically accelerate application workloads. This can be implemented on direct-attached storage and SAN storage.”
In this blog post, we are going to deploy VMware vCenter 6.7 Update 1 in my Lab environment. The deployment is fully covered with all the additional notes required to perform a successful installation, migration or upgrade. I also added some guidelines for designing your environment.
If you are familiar with the VMware vCenter 6.5 graphical deployment it has been improved in VMware vCenter 6.7. In the past it was a web-based wizard, with 6.7 it is a binary executable. This means a lot faster and better-responding interface and it removes the browser dependency and browser plug-in on your workstation.
The checklist items can be verified, days or hours before the initial deployment. If you don’t have a plan before installing, migrating or upgrading things will turn out ugly…
With the checklist, you can determine if your environment is ready for vSphere 6.7 Update 1. It’s about checking and validation your current software and hardware and talking to your vendors about compatibility.
I have also added some design decision ideas. Because you can choose to install, upgrade or migrate without looking at your current architecture but maybe it is time to update your current architecture (design).
Make sure that all connected/used VMware products are compatible like (vRealize Automation / vRealize Orchestrator / vRealize Operations Manager / VMware Horizon and the list goes on). This can be verified on the VMware Product Interoperability Matrices page.
Make sure that all third-party products are compatible like (Backup & Replication software / Storage vendor software).
Determine the correct sizing for your environment. How many virtual machines and ESXi Hosts are going to be running underneath this vCenter Server. These figures determine your vCenter Server size.
Download the latest release from the VMware website.
Create firewall rules for your new vCenter Server.
Create forward and reverse DNS records in your DNS Server.
Register your IP information in your IPAM system.
Save your passwords in your Password Management system (Appliance password / SSO password).
Have a workstation ready to perform the deployment with sufficient network access and administrative rights.
Let’s start the deployment of VMware vCenter 6.7 Update 1. I have chosen for a clean installation of VMware vCenter 6.7 Update 1. I have chosen for an embedded Platform Services Controller (PSC). Based on my total amount of virtual machines and ESXi Hosts I have selected a “Small” installation footprint.
The new deployment process for vCenter Server 6.7 Update 1 consists out of two stages, one is the deployment stage and one is the setup stage.
The first part is mainly responsible for delivering the full appliance with the operation system, network settings, and installation application bundles. The second part is configuring the applications that are running on the vCenter Server. A total installation takes about 45 minutes to complete.
Mount the vCenter Server media (iso file).
Navigate to the following path “X:\vcsa-ui-installer\win32\” (X stands for the CD-ROM drive label).
Run the following application “installer.exe“.
Follow the wizard, I have uploadedall screenshots for reference.
Stage 01 – Deployment
Here are the images of the first stage of the deployment of VMware vCenter 6.7 Update 1. I have no issues to report everything was working fine on the first try!
Stage 02 – Setup
Here are the images of the second stage of the deployment of VMware vCenter 6.7 Update 1. This part was also bug-free, so it was a good deployment.
After a successful deployment of the VCSA appliance, you need to configure at least some items to get vCenter Server production ready. The items listed below are a basic set of the most common items I see in the field:
Install the vCenter Server License.
Assign rights & permissions.
Generate and installation of SSL Certificates.
Connect the required VMware products and third-party systems.
VMware vCenter 6.5.0 Update 2. The target for the vCenter 6.7.0 Update 1 deployment.
VMware ESXi 6.5.0 Update 2 in the 24×7 environment. Known as the production cluster.
VMware ESXi 6.5.0 Update 2 in the Lab environment. Known as the lab cluster.
You might ask… why don’t you upgrade the current vCenter Server? Good question! The machine has been converted/upgraded multiple times. It started out in life as a VMware vCenter 5.5 machine, that was on the Windows Server 2012 platform. So it was a good moment to start clean after this many years.
How to upgrade vRealize Orchestrator 7.4 to vRealize Orchestrator 7.5 or to be more precise… migrate! Since the release of vRealize Orchestrator 7.5 a couple of weeks ago the update/upgrade option with the vamicli and appliance management interface is not available (to my surprise).
A quick introduction to how I got in that situation: In my Home Lab my main vRealize Orchestrator appliance is running version 7.4.0 and is responsible for some day-to-day Orchestration of my multiple environments.
For the people that are is still running way older versions: Upgrading vRealize Orchestrator Appliance from version 5.5.x to 7.5 is not supported. You must upgrade your vRealize Orchestrator Appliance 5.5.x to 6.0.x first and then migrate to 7.5.
The following components were running in my environment and have been tested. Note: this part of my Lab environment is not running vRealize Automation. So I have not tested the migration with external vRO nodes in combination with vRealize Automation.
A single vCenter Server 6.5.0 Update 2 (with an embedded PSC)
A single vRealize Orchestrator 7.4.0 (external)
There are two options available. The first option is moving all data between the old and new vRealize Orchestrator. The second option is to migrate vRealize Orchestrator with the migration wizard. The second option is the one VMware recommends. The first option can be easier in some cases, some advantages are you retain your IP address, hostname and SSL certificates.
Both options are written down on this page.
vRO export data and redeploy
I have chosen for this scenario because this machine is only connected to a vCenter Server and can be reastablished very fast. Another reason is that the current vRO instance has been running since version vRO 7.0 and has been upgraded more than seven times in about 2.5 years. So a new clean install ain’t a bad thing!
Create a package in the vRealize Orchestrator Client with all your created workflows, actions and resource elements.
Save the package on a save place.
Remove the registration from vCenter Server (if they are connected). Workflows “Unregister a vCenter Server extension” & “Remove a vCenter Server instance“.
Poweroff the current vRO appliance.
Rename the appliance to %vm-name%.old (for example).
Deploy a new vRealize Orchestrator Appliance on the same IP address and FQDN.
Upgrade the virtual hardware.
Walkthrough the vRealize Orchestrator configuration wizard.
(Optional) install the SSL certificates.
Import the package.
Register with vCenter Server. Workflows “Add a vCenter Server instance” & “Register vCenter Orchestrator as a vCenter Server Extension“.
The migration path is performed in the following way (the official documentation is extensive, the link is listed below). The migration is a good option for an Orchestrator that is connected to a lot of extensibility and has a lot of plugins installed. The biggest issue for me was the new IP address, FQDN and new certificates required.
Note: Migrations with vRealize Orchestrator Clusters are not described here. There are a couple of small items you need to check in the migration manual.
Your source Orchestrator is running at least version 6.X.
Make sure no workflows are running.
Stop the Orchestrator services on the source Orchestrator.
Make sure SSH is enabled on both the source and destination Orchestrator.
Make sure no firewall is blocking traffic for the migration.
Create backups from the source and destination Orchestrator.
Register a new vRealize Orchestrator appliance in your IPAM solution.
Deploy a new vRealize Orchestrator next to the currently running.
Upgrade Virtual Machine Hardware
Power-on the vRealize Orchestrator appliance.
(Optional) Install new SSL Certificates.
Navigate with a browser to the Appliance Management interface (https://%FQDN%:5480).
This year VMworld 2018 Europe is held in Barcelona Spain from 5 November until 8 November. This has been the location for some time now. Only the date shifted a couple months backward compared to last year (September > November). This page will be updated multiple time in the coming days. I will add additional information and announcements multiple times a day.
I was able to attend myself in person thanks to my employer ITQ. This year we traveled with 33 ITQ colleagues to VMworld 2018 Europe. In total 12000 people attended VMworld 2018 Europe in Barcelona.
VMworld 2018 EU – Product Announcements
On VMworld 2018 in Europe, the following products and/or services were announced.
VMware Cloud Foundation (VCF) 3.5
In the opening keynote VMware Cloud Foundation (VCF) 3.5 has been released.
VMware Cloud Foundation is an automated release of the Software-Defined Datacenter with vSphere, NSX, and vSAN in the core. On top VMware is using there vRealize Suite for creating an entire Cloud Management Platform.
The VCF 3.5 release includes the following new features:
Clarity UI as for all VMware products.
More intuitive end-to-end UI driven workflows
Improved UI responsiveness and performance
Dashboard with widgets to more easily surface important SDDC information
Updated navigation and consistency between workflows
Extendable platform to ensure that we can incorporate new releases and functionality (ex. New workflow wizards, dashboard widgets)
Just like every year, William Lam from the website virtuallyGhetto creates a GIT repository with all the VMworld sessions. For each session, a recording and presentation is provided on his Git Repository. It will probably be a couple of days till weeks until all sessions become available:
This week we (Vincent van Vierzen and myself) attended the vRO Master Class that was offered to us by our employee ITQ. It is a three-day course on-site in the VMware UK HQ in Staines. The class was attended by seventeen people from all over the EMEA region. Keep in mind: the Livefire courses are only available to VMware employees and VMware partners. The information shared at the Livefire is protected by the VMware NDA, so no information is covered here that will break the NDA.
Before we went to the vRO Master Class course we didn’t know what to expect. A couple of questions that went through our heads were: What would the expected technical level be? What items would be discussed and explained? Is it a theoretical or hands-on course?
On the first day, we got access to a dedicated HOL environment that has been build for the vRO Master Class and the vRealize Orchestrator history and architecture is explained. There was also a lot of talk about the new and coming features for vRealize Automation (vRA) and vRealize Orchestrator (vRO).
Day two was about Dynamic Types and the APIs available in vRealize Automation & vRealize Orchestrator. Christophe explained some projects he has done and blogged on his one website. There was just a lot of information available first hand.
Day three was about vRealize Orchestrator best practices. The best practices slides were extensive and were covering all the aspects. Examples were workflow performance and troubleshooting. They also covered workflow and action development. In the afternoon Spas covered the integration with Microsoft PowerShell and his first-hand experience.
The vRO Master Class course covered the following use cases that were relevant for in the real world:
Create a bunch of VMs (vCenter plug-in)
Resume a failed workflow
Leverage the vAPI
Create a Dynamic Types plug-in from scratch
Create a plug-in with the Dynamic Types plug-in generator
Extend the vRealize Automation Lifecycle with Event Broker
vRA 7.4 – Create a blueprint with an IP input field (Custom Forms & Iaas plug-in)
vRA 7.3 – Create a blueprint with an IP input field (CBP, XaaS, vRA CAFE & IaaS plug-in)
Leverage Dynamic Types Microsoft DNS plug-in with XaaS and XaaS Blueprint components
Create scalable Photon Swarm Blueprint
Use vRA Scalable XaaS components
Simple Database Integration (SQL Plug-in)
Using PowerShell Credential Delegation in vRO
Leverage Guest Operations with Script Manager
Use the vRO REST API
As consultants, we were also interested in vCloud Director use cases and real-world examples but they will be included in the new vRO Master Class in 2019. So in case you are going for vCD stuff wait for 2019.
The following instructors can be available for the vRO Master Class. We were lucky to have Spas Kaloferov and Christophe Decanini available for the three days. Here is an overview of the vRO Master Class instructors:
The vRO Master Class is really focused on vRealize Orchestrator. You have to be a vRO guy definitely to join this class. We think it is a good thing that there is a course available that is purely focused on vRO because VMware Education is more or less focused on the entire CMP.
The instructors were really qualified and experts on vRealize Orchestrator. Christophe is one of the original Dunes Technologies employees that came over to VMware when the product was acquired in 2007. He knows all the ins and outs about the Orchestrator product and the history related to chooses that have been made over time.
The balance between talking about the material and spending time in the lab environment could be improved. The course should be extended with an additional day to a total of four days (at least). This will bring the course more into balance and it introduces more time for the attendees to spend time on the labs and get more hands-on experience out of the course.
Here is a list of interesting sources related to the vRO Master Class course:
In my case, I got 120 minutes because I’ am not a native English speaker. I had to score at least 300 points of the maximum 500 points. I luckily passed the exam with a score of 465.
You can compare this exam to a VMware VCP exam. It looks and feels for 80% the same. The biggest difference is that the exam is about all the products inside the VMware Validated Design. So it is kind of a mix between Datacenter Virtualization (DCV), Network Virtualization (NV) and Cloud Management Automation (CMA).
After passing the exam you are not done yet! You need to perform a VMware Validated Design deployment and get it signed off by the customer. Then you need to perform an interview with the VMware Education team. The details can be found on the VMware Education page.
VMware VVD – Exam Tips
So what do you need to know?… The exam itself is purely focused on the VMware Validated Design version 4.0! Get this through your head… only 4.0! This means you are dealing with the following software versions:
vRealize Log Insight Content Pack for Microsoft SQL Server – 3.1
vSphere Data Protection – 6.1.3
A couple of items were a surprise to me because I realized you can just ask anything about any product in the VVD. A couple of interesting subjects were:
Recovery of the entire platform
VMware Validated Design – Study Material
An interesting video related to the VMware Validated Design (VVD) exam is this “What’s New” video. This video is created by VMware to get a introduction to the VVD 4.0 version. There is just a lot of information that you need to know for the exam. It covers all the components and all the changes they did for version 4.0.
Here is a list of valued web pages and articles that I used for studying for the VVD exam. Most articles are directly from the VMware website, there is not a lot of information about this exam on blogs or other media:
VMware Solution Enablement Toolkit – VMware Validated Design for SDDC (only available for partners)
In the blog post, I cover the VMware VVD Exam that is a nice to have for your badge and certification collection. I don’t think it is as valued as a VCP or VCAP exam in the market but still, it’s another certification.
At the moment I still need to pass the signing off by a customer and the interview with the VMware Education Team. I will probably update this article in a later stage when I completed these steps and share my experience.
When deploying VMware vRealize Automation (vRA) you required to deploy a Windows Server that is responsible for the SQL Server Database. It does not matter if it is a small, medium or large deployment. All deployments require a Microsoft SQL Server. The Microsoft SQL Server is the database for the vRealize Automation IaaS components and is responsible for maintaining information about the machines it manages and its own elements and policies.
In this article, I’m going to describe the vRealize Automation SQL Database Installation with an automated/unattended PowerShell script. This article is mainly focused on the IaaS database part, so no additional information surrounding the installation of vRealize Automation components is descriped.
The following items need to be performed before running the script:
Download the latest Microsoft SQL 2016 Server media from the Microsoft website (SQL 2016 – link).
Download the latest Microsoft SQL Server Management Studio from the Microsoft website (SSMS – link).
Create a virtual machine with Windows Server 2016 installed.
LAB-vRA-IAAS.Lab.local – Running Windows Server 2016 responsible for vRealize Automation IaaS Components
LAB-vRA-SQL.Lab.local – Running Windows Server 2016 responsible for the vRealize Automation IaaS SQL Database
Keep in mind the following items:
The installation code/script for Microsoft SQL Server is tested with the following versions (2016 Non-SP / 2016 SP1 / 2016 SP2). No doubt the code will work with newer releases but make sure to verify all your settings after installation.
I do not take any responsibility and I’m are not liable for any damage caused by this code.
I did not create a script that fully automates everything. It is based on one-liners with a complete configuration. The reason behind this is flexibility. Every environment is different and every customer is different. This way small tweaks can be made to parts of the code or you just use sections of the code.
To display the full functionality of the code I recorded a video and uploaded it to YouTube. You can see the end result below. The video shows you the execution of the one-liners and what the server is configuring. The video starts after the requirements phase is completed.
Unattended Installation Files
So let’s list all the steps that are executed on the new Windows Server to make it ready to store the vRealize Automation IaaS Database:
Format the D drive and make sure it is using a 64k allocation unit size for storing the Database
Format the E drive and make sure it is using a 64k allocation unit size for storing the TempDB
Format the F drive and make use of a default allocation unit size for storing the log files
Assign both domain service accounts local administrator access on the server (svc-iaas / svc-vra–sql)
Create a Windows Firewall rule to allow SQL traffic on the network
Enable multiple Windows Firewall rules to allow the Microsoft Distributed Transaction Coordinator (DTC)
Install Microsoft SQL Server Management Studio
Install Microsoft SQL Server 2016
Reboot the system
Configure the Microsoft Distributed Transaction Coordinator (DTC).
Reboot the system
Verify the system and functioning of the SQL Server
In some cases, an additional G drive is required to store the SQL Backup.
This file is saved as “Microsoft SQL Server 2016 – Commands.ps1” in the “C:\Temp” directory. The SQL Server media is mounted in the B drive (CD-ROM). The SQL Management Studio installation file is located in the “C:\Temp” directory.
##### Files required
# - Microsoft SQL Server 2016 Installation File
# - Microsoft SQL Management Studio 2016 Installation File
##### Volume 1 - DB 64k
$Disk = Get-Disk -Number 1
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter D
Format-Volume -DriveLetter D -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel "DB" -Confirm:$false
##### Volume 2 - TEMP DB 64k
$Disk = Get-Disk -Number 2
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter E
Format-Volume -DriveLetter E -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel "TEMP DB" -Confirm:$false
##### Volume 3 - Logs 4k
$Disk = Get-Disk -Number 3
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter F
Format-Volume -DriveLetter F -FileSystem NTFS -NewFileSystemLabel "Logs" -Confirm:$false
##### Make the service account member of the local administrators group
Add-LocalGroupMember -Group "Administrators" -Member "svc-vra-iaas"
Add-LocalGroupMember -Group "Administrators" -Member "svc-vra-sql"
##### Windows Firewall
### Windows Firewall - Allow Microsoft SQL Port 1433 TCP
New-NetFirewallRule -DisplayName "Microsoft SQL Server 2016 - SQL - TCP" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
### Windows Firewall - Enable rule for RPC for DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (RPC-EPMAP)"
### Windows Firewall - Enable rule for Incoming DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (TCP-In)"
### Windows Firewall - Enable rule for Outgoing DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (TCP-Out)"
##### Microsoft SQL Management Studio
C:\Temp\SSMS-Setup-ENU.exe /install /passive /norestart
##### Microsoft SQL Server 2016
B:\Setup.exe /ConfigurationFile="C:\Temp\Microsoft SQL Server 2016 - Configuration.ini"
##### Reboot the server
shutdown -r -t 0
##### Configure the Microsoft Distributed Transaction Coordinator (DTC)
Set-DtcNetworkSetting -DtcName "Local" -RemoteClientAccessEnabled:$true -RemoteAdministrationAccessEnabled:$false -AuthenticationLevel "Mutual" -InboundTransactionsEnabled:$true -OutboundTransactionsEnabled:$true -XATransactionsEnabled:$false -LUTransactionsEnabled:$true -Confirm:$false
##### Reboot the server
shutdown -r -t 0
This file is saved as “Microsoft SQL Server 2016 – Configuration.ini” in the “C:/Temp” directory.
; Author: M. Buijs
; Version: 1.0
; Date: 2018-09-26
; This configuration file is created to install the Microsoft SQL Server 2016 software for VMware vRealize Automation.
; VMware Requirements:
; - Enable TCP/IP protocol for SQL Server.
; - The Microsoft Distributed Transaction Coordinator Service (MS DTC) is enabled on all SQL nodes in the system. MS DTC is required to support database transactions and actions such as workflow creation.
; - If you have a firewall running between the database server, Web servers or IaaS servers, deactivate the firewall or open the ports needed (MS SQL server uses port 1433 and MS DTC requires the use of port 135 over TCP and a random port between 1024 and 65535).
; - The database service account needs to be local administrator on the server (svc-vra-sql).
; - The IaaS service account needs to be local administrator on the server (svc-vra-iaas).
; - Set up Microsoft SQL server with separate OS volumes for SQL Data, Transaction Logs, TempDB, and Backup.
; - The NTFS drive where SQL Server is installed has a file allocation unit (cluster) size of 64 KB.
; SQL Server - Workflow
; Setup Workflow (Install/Uninstall/Upgrade)
; SQL Server - Accept License Agreement (True = Automatically accepted / False = Users needs to accept)
; Specify that SQL Server feature usage data can be collected and sent to Microsoft.
; SQL Server - Unatteded
; Parameter that controls the user interface behavior.
; Setup will not display any user interface.
; Setup will display progress only, without any user interaction.
; Specifies that the detailed Setup log should be piped to the console.
; Specify if errors can be reported to Microsoft to improve future SQL Server releases.
; Displays the command line parameters usage
; SQL Server - Installation Features
; Specifies features to install, uninstall, or upgrade.
; Language Pack (English / United States)
; SQL Server - Updates
; Specify whether SQL Server Setup should discover and include product updates.
; Specify the location where SQL Server Setup will obtain product updates (MU = Microsoft Update).
; SQL Server - Installation Directory
; Specify the root installation directory for shared components.
INSTALLSHAREDDIR="D:\Program Files\Microsoft SQL Server"
; Specify the root installation directory for the WOW64 shared components.
INSTALLSHAREDWOWDIR="D:\Program Files (x86)\Microsoft SQL Server"
; Default directory for the Database Engine backup files.
; Default directory for the Database Engine user databases.
; Directory for Database Engine TempDB files.
; Default directory for the Database Engine user database logs.
; SQL Server - Instance
; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions.
; Specify the Instance ID for the SQL Server features you have specified.
; Specify the installation directory.
INSTANCEDIR="D:\Program Files\Microsoft SQL Server"
; Specifies a Windows collation or an SQL collation to use for the Database Engine.
; Level to enable FILESTREAM feature at (0, 1, 2 or 3).
; SQL Server - SA Account
; Specifies the password for the SQL Server SA account.
; Specifies the security mode for SQL Server.
; SQL Server - Service Access
; Windows account(s) to provision as SQL Server system administrators.
; Provision current user as a Database Engine system administrator for SQL Server 2012 Express.
; SQL Server - Connection Support
; Specify 0 to disable or 1 to enable the TCP/IP protocol.
; Specify 0 to disable or 1 to enable the Named Pipes protocol.
; CM brick TCP communication port
; How matrix will use private networks
; How inter brick communication will be protected
; TCP port used by the CM brick
; SQL Server - Agent Service and Service Account
; Auto-start service after installation.
; Specifies the account for the SQL Server Agent service.
; Required Specifies the password for SQL Server Agent service account.
; SQL Server - Browser Service and Service Account
; Startup type for Browser Service.
; SQL Server - Server Service Account
; Startup type for the SQL Server service.
; Account for SQL Server service: Domain\User or system account.
; Specifies the password for SQLSVCACCOUNT.
; SQL Server - Report Server Service and Service Account
; Specifies how the startup mode of the report server NT service.
; Specifies which account the report server NT service should execute under.
; Specifies the password for the startup account for the Reporting Services service.
This blog post helps you to set up a Microsoft SQL Server 2016 for vRealize Automation 7.X. The code can be used in lab and production environments but make sure to verify the configuration. I think there might be more improvements possible related to the one-lines but maybe also additional SQL configuration improvements. Do you have feedback please respond below or send me an email.
To create this article and scripts I used the following resources:
I’m happy to announce that as of today my lightboard session about VMware vRealize Orchestrator (vRO) is online. The guys at ITQ (the company I work for) build a lightboard to record lightboard sessions. So I decided to record a session to help people getting started with automation and introduced to the vRealize Orchestrator.
The session is called “Mischa Buijs explains the benefits of vRealize Orchestrator“. In the session, I explain a basic use case to automate virtual machine provisioning and integrate with external systems like Microsoft Active Directory and a storage array with an SSH interface.
The Storyline Lightboard Session:
Here is an overview of the storyline that I am presenting in the video:
Step 01: We are using the REST API integration in vRO for communicating with VMware NSX-V to provision a new virtual network (Logical Switch).
Step 02: We need storage to provide space for a new virtual machine. So we are leveraging the SSH integration in vRO to create a new volume on the storage array. This can be for example a NetApp FAS array or a FreeNAS virtual appliance.
Step 03: Let’s use vCenter to format the new datastore with VMFS, so it can be used by the ESXi Hosts.
Step 04: Than again we are using the vCenter integration to mount the new volume on an entire vSphere Cluster so let’s say, ten ESXi hosts.
Step 05: We also use the vCenter integration to build a new virtual machine.
Step 06: Now it is time to leverage PowerShell to create a new computer account in Active Directory.
Step 07: The last step is with PowerShell, now we are creating forward and reverse DNS records on the Windows DNS Server.
ITQ YouTube Channel
At ITQ we created a lot of recordings the last couple of months. For all the videos go to the ITQ YouTube channel.
This blog post is dedicated to the VMworld 2018 US announcements. In the post, you will find the articles, links and highlights. VMworld 2018 US is an event that is organized by VMware. The US version is a five-day event that is held in Las Vegas. It takes place from 26 August to 30 August 2018. This page will be updated multiple times to coming days to add additional information and the latest announcements.
Please reply underneath this blog post if you have some additional information. This can also be additional links or blogs posts.
VMworld 2018 US – Product Announcements
In this chapter are all the product announcements. I can tell you there are a lot of announcements made at VMworld 2018.
vRealize Automation (vRA) 7.5
One the first day of VMworld 2018 US vRealize Automation 7.5 was announced.
On the first day of VMworld 2018 US, a new vSphere edition was announced. The product is called vSphere Platinum and it has a tight integration with VMware AppDefense.
The key highlights are:
Benefits for vSphere Admins
Gain visibility into the intent of each virtual machine, and a detailed inventory of application assets and context.
Understand how applications behave and be alerted to potential issues and deviations.
Shrink the attack surface and reduce the risk of security compromise. Establish a simple and powerful way to collaborate with security, compliance and application teams.
Get better visibility and protection with a simple, light-weight and scalable security solution, with no agents to manage, and minimal overhead.
Use what you already own, understand, and run in your data center – vSphere – with its unique visibility, automation and isolation qualities.
Play a larger and critical role in the security of your entire IT environment – Be the Security Hero!
Benefits for Security Teams
Better visibility and situational awareness of application behaviours, and virtual machine purpose.
Faster detection, analysis, and time to response – quickly understand attacks and make fast decisions using application context and scope.
Enhance existing security tools and support compliance efforts through contextual visibility and alerts into application communications and deviations.
Lower false positives – integrated behavioural analytics and machine learning offer a more precise method to identify and respond to threats.
Big data correlation for better identification and context using cloud SaaS model.
Security as an agile business enabler – support DevOps environment through continuous learning and protection.
Easily Coordinate with vSphere Admins and Application teams for better security while respecting existing workflows & maintaining separation of duties.
VMware AppDefense – Protects the integrity of applications running on vSphere, using machine learning to monitor against threats and automate responses. AppDefense locks down the guest operating system for all applications, the VMware application stack and third-party applications. To accomplish this, AppDefense gathers inventory data on virtual machines and applications from vCenter Server, development tools, and automation frameworks and applies machine learning to discover the intended state and establish the known good behaviours for the application and machine. Any deviations from this state are detected and prevented, securing the integrity of the applications, infrastructure, and guest operating system. AppDefense provides detailed visibility for better change management and compliance reporting and also provides a rich set of automated or orchestrated incident response mechanisms to address attacks. Moreover, it leverages machine learning for a simple and automated way to conduct audits and reviews for applications.
FIPS 140-2 Validated VM Encryption, and cross-vCenter Encrypted vMotion – Secure against unauthorized data access both at rest and in motion, across the hybrid cloud. Secure Infrastructure
Secure Boot for ESXi – Allows only VMware and Partner signed code to run in your hypervisor. Secure Boot for Virtual Machines – Helps prevent images from being tampered with and prevents the loading of unauthorized components.
Support for TPM 2.0 for ESXi – Enables hypervisor integrity by validating the Secure Boot for ESXi process and enables remote host attestation.
Virtual TPM 2.0 – Provides the necessary support for guest operating system security features while retaining operational features such as vMotion and disaster recovery.
Support for Microsoft Virtualization Based Security – Supports Windows 10 and Windows 2016 security features, like Credential Guard, on vSphere.
Audit Quality Logging – Enables authorized administration and control by providing high fidelity visibility in vSphere operations.
Also, the VMware Validated Design (VVD) received some new features and changes to the documentation. Personally, the greatest value in this release is the Visio stencils that are available for everyone.
The key highlights are:
Official NSX-T Support
IT Automating IT Scenarios
Intelligent Operations Scenarios
Introduction to Security and Compliance
Certificate Replacement for 2-pod
Certificate Replacement for 1-pod
Architecture and Design of VMware PKS for Workload Domains
There were also a lot of announcements surrounding some new developments/projects.
Project Concord – Project Concord uses Byzantine fault-tolerant consensus protocols to deliver a functioning distributed trust system: one that is both “safe” and “alive.” Concord is a generic state machine replication library that can handle malicious (Byzantine) replicas.
Project Dimension – Project Dimension will extend VMware Cloud to deliver SDDC infrastructure and hardware as-a-service to on-premises locations.
Project Magna – Project Magna will make possible a self-driving data center based on machine learning.
RDS on VMware – VMware demonstrated how Amazon Web Service’s RDS service will run on VMware in a private data center, thus offering developers a familiar RDS Functionality available on VMware in a private data center or at the Edge.
Virtualization on 64-bit ARM for Edge – VMware demonstrated ESXi on 64-bit ARM running on a windmill farm at the Edge.
Just like every year, William Lam from the website virtuallyGhetto creates a GIT repository with all the VMworld sessions. For each session, a recording and presentation are provided. It will probably be a couple of days till weeks until all sessions become available.