I've been playing about with a compact SRM install in my lab - since I have limited resources and only one site I wanted to create a run-through for anyone learning SRM to be able to do it in their own lab too. I am creating two sites on the same IP subnet (pretend it's a stretched LAN across two sites) and will be protecting a single, tiny Linux web server using vSphere Replication. I'm aiming to cover SAN based replication in a later post.
Below is the list of hosts and VMs running for this exercise:
- ESXi-01 - my "Protected Site" - this is running DC-01, VC-01, SRM-01 and VRA-01 (to be installed later)
- ESXi-02 - my "Recovery Site" - this is running VC-02, SRM-02 and VRA-02 (to be installed later)
- DC-01 – this is my domain controller, I’m only going to use one DC for both “sites” as I don’t have the compute resource available to have a second running. This is also my Certificate Authority.
- VC-01 – this is my primary Virtual Center server, it’s a Windows 2012 R2 server. It is managing ESXi-01.
- VC-02 – this is my “recovery site” and it’s a Virtual Center Server Appliance (VCSA). It is managing ESXi-02
- SRM-01 - “protected site” SRM server, base install of Windows Server 2012 at this point
- SRM-02 - “recovery site” SRM server, base install of Windows Server 2012 at this point
- WEB-01 - this is a really, really, basic Ubuntu web server I've deployed from a template to use for testing.
Right - without further ado, let's get stuck in!
There are many ways to tackle the problem of quickly redeploying or recovering ESXi hosts, Host profiles, Auto deploy etc.. however such options are either out of reach for SME/SMB users where their license does not cover such features or they have very small clusters of which Auto deploy etc would perhaps be considered overkill.
So how can we backup the config of our ESXi hosts? There is a great command you can use in vSphere CLI "vicfg-cfgbackup.pl", which when used with certain switches can either back up or restore your ESXi host config.
Backing up a host
Quite simply you fire up your vSphere CLI client and run the command as shown below, make sure you define a file name as well as the destination folder or it will error.
You will then be prompted for authentication to the host, assuming you input the correct credentials the firmware configuration will be saved successfully to the folder you specified.
You may notice on my example I saved the file type as .tgz, you can drill into the .tgz file and see all of the config this process saves which is kind of handy if you want to be doubly sure it did the job correctly.
Restoring a host
So now you want to restore a host from a backup you have taken, we can use the same command but with the -l switch.
Important things to note
- This action will reboot your host
- This command will want to place your host in maintenance mode so therefore you will need to evacuate any VMs on the host.
- Placing the host into maintenance mode prior to running the command will not work and it will error, the process needs to place the host in maintenance mode itself.
- If you are running a small cluster you will likely need to disable HA while you perform this action to avoid errors being generated due to the lack of available resources.
Example error below
Successful restore below
I have found this to be really handy if I wish to restore a host to a previous running config, and by example will save you having to re-enter all of your network config etc.
I’m fairly new to SRM, but even so this one seemed like a real head-scratcher! If you happen to be using CA signed certificates on your “protected site” vCenter and “recovery site” vCenter servers, when you come to linking the two SRM sites you encounter SSLHandShake errors – basically SRM assumes you want to use certificates for authentication because you’re using signed certificates. If you use the default self-signed certificates, SRM will default to using password authentication (see SRM Authentication). Where the process fails is during the “configure connection” stage, if either one of your vCenter servers does not have CA signed and the other does (throws an error that they are using different authentication methods) or that you are using self-signed certificates for either SRM installation (throws an error that the certificate or CA could not be trusted).
SRM server 'vc-02.definit.local' cannot do a pair operation. The reason is: Local and remote servers are using different authentication methods.
This had me scratching my head, what seemed to be a common problem wasn’t fixed by the common solution. It was actually my fault – too familiar with the product and setting things up too quickly to test.
I installed a VCSA 5.5 instance in my lab as a secondary site for some testing and during the process found I couldn’t log on to the web client – it failed with the error:
Failed to connect to VMware Lookup Service https://vCVA_IP_address:7444/lookupservice/sdk - SSL certificate verification failed.
I had a closer look at the certificate being generated and noticed that the Subject Name was malformed “CN=vc-02.definit.loca” – that led me to the network config of the VCSA. I’d entered the FQDN into the “host name” field, which was in turn being passed to the certificate generation, truncated and throwing the SSL error. Changing the FQDN back to the host name “VC-02” and regenerating the certificate resolved the issue.
If you do have to follow that process, remember to disable the SSL certificate regeneration after it’s fixed – otherwise you’ll suffer slow boot times!
I’ll put that one down to over-familiarity with the product!
Since the keynote by Frank Denneman at the LonVMUG many months ago the PernixData product has been something I wanted to test to see what benefits it may or may not bring to our SQL environment, I did have the good fortune to briefly beta test it last year but this blog post will cover the current full version (FVP 18.104.22.168). I am aware that 1.5 is just around the corner and with it comes full support for vSphere 5.5 whereas the current version that I will be installing supports ESXi hosts on 5.0 or 5.1 and vCenter 5.5 (not mentioned in the minimum requirements)
- 3x Dell R715
- 3x Dell SSD (1 installed in each host)
- iSCSI connected SAN
ESXi Host preparation
The first job is to install the PernixData host extensions to the hosts, I opted to copy the extension to a data store that was accessible to all the hosts. After putting the first host into maintenance mode I quickly encounter my first issue.
This was simply as a result of not removing the previous install from this particular host so it was easy enough to fix by simply removing the previous installation with the following command "cp /opt/pernixdata/bin/prnxuninstall.sh /tmp/ && /tmp/prnxuninstall.sh" (as outlined in the PernixData FVP install guide)
After a reboot of the host (just to make sure) I reran the installation with success.
Management server install
As per the PernixData documentation I created a new AD account which had the appropriate admin permissions on vCenter and local admin rights on the dedicated VM for the FVP management server.
Because this environment uses a vCenter 5.5 Appliance I created a small dedicated VM (Server 2008 R2) for the FVP management server, I installed SQL Express 2008 R2 and then the SQL Express management studio. Once SQL was installed I proceeded to install the FVP Management server, the installation went ahead with no problems. I rebooted the VM (just to be sure) and then once back up I reopened my vSphere client hoping to see the Management plugin listed in the Plugins, however it was not there. I checked the PernixData Windows service which had indeed started successfully.
Checking the logs (<INSTALLDIR>\server\log\prnxms.log) there was clearly a problem.
"2014-02-28 11:50:53,371 [pool-3-thread-1] ERROR Context - Logging by SSPI failed
javax.xml.ws.soap.SOAPFaultException: A general system error occurred: User mydomain\pernixuseraccount, cause: N3Vpx6Common3Sso23DomainNotFoundExceptionE(No Domain found with ID: mydomain)"
I went and double checked the username and its credentials, everything seemed perfectly fine, I restarted the service still the same error.
I wanted to see what configuration was actually being used so I took a quick look at the Configuration file (<INSTALLDIR>\server\conf\prnxms.config)
The following lines in the config file were empty
So as a test I populated the fields with the correct information
It is also important to ensure the following line is set to cleartext (as shown) before restarting the service
After restarting the Management server service it will encrypt the password text and reset the line entry to the following
I then closed and reopened the vSphere client and voila! the FVP Management plug was listed as an available plugin.
After installing the plugin I created a flash Cluster but at this point did not add any SSD devices to the cluster, this will allow us to then add any targeted VMs and gather existing metrics for a few days so we can then compare how much benefit the targetted VMs actually get after "switching it on".
In my next post I will go over the results and my overall experience of using the PernixData product.