It’s been a really great year so far and incredibly busy (no complaints though!)VMware products have featured very high on my to-do list so far this year, with new hosting and DR solutions either completed or well underway. The simplicity, resilience and strength of vSphere never gets old! I have also had the privilege to attend several London VMUG meetings all of which have been excellent! They have been superb opportunities to meet new people, put faces to Twitter names and learn more about current and forthcoming technologies orientated around visualization.
The VM estate that I manage is large: there are more than 20 different clusters and over 300 hosts of varying ages and hardware levels – as a consequence there are various different versions of ESX and ESXi running. Upgrading the hosts is somewhat akin to painting the Forth Bridge, a never-ending task. So keeping the thousands of VMs at the correct hardware and VMtools versions can be a bit of a losing battle.
With the release of vCenter Log Insight Public Beta (http://communities.vmware.com/community/vmtn/vcenter/vcenter-log-insight) I thought I’d strike while the iron is hot and run through the installation and configuration. Deploying the OVF This is such a bread and butter task that it doesn’t require more than a few words – it’s definitely worth looking at the Sizing PDF before you deploy (VMware-vCenter-Log-Insight-1.0-Beta-Virtual-Appliance-Sizing.pdf) as it’s not small even for a test installation. If you’re using less than the recommended 8GB RAM there are additional steps to change the heap size for performance.
The vSphere UMDS provides a way to download patches for VMware servers that have an air-gap, or for some reason aren’t allowed to go out to the internet themselves – in my case a security policy prevented a DMZ vCenter Server from connecting to the internet directly. The solution is to use UMDS to download the updates to a 2nd server that was hosted in the DMZ and then update the vCenter Server from there.
If you work in company with strict password compliance rules, for example under SOX, you might well have to change administrator passwords every month. Doing this on any more than a few hosts is tedious work – even on two hosts it seems like a waste of time logging on the host via SSH (or even enabling it first) before changing the password. Then we also need to audit the change, there’s no point making it for compliance reasons if we can’t then prove we did it!
I am absolutely thrilled to announce that I’ve been awarded vExpert 2013 - it’s such an honour to be listed among these others and hopefully I can continue to contribute throughout the year. I am looking forward to getting stuck in to the vExpert programme. The vExpert announcement is here: http://blogs.vmware.com/vmtn/2013/05/vexpert-2013-awardees-announced.html In other news, one of DefinIT’s contributing authors @SimonEady is a finalist for the VMware V.I.T. Competition and needs your votes!
It’s no secret that installing certificates from an internal CA is a pain in the…vCenter, but having just gone through the process of updating 3 vCenter installations with the 5-7 certificates required for each server I was asked “just why is it we need to do this again?” Why does it require multiple certificates for my vCenter server? In short, each service requires a certificate because it could feasibly be on a server (or servers) of it’s own - take this hypothetical design - each role is hosted on it’s own VM, and there are 7 certificates required - SSO, Inventory Service, vCenter Server, Orchestrator, Web Client, Log Browser and Update Manager.
A problem reared it’s head over the weekend with one of our hosts' Fibre Channel HBAs negotiating it’s way down to 2GB, and consequently introducing massive latency for the LUNs behind it. Analysis showed that the drivers for the HBA were over a year out of date so the suggested fix from VMware was to update the drivers. This is fine to do manually for a few hosts, but would be a real pain for the 300+ hosts in the environment I manage.
So then! of late my attention has been drawn to Cloud Credibility which is a fantastic place to help validate your own and others cloud expertise by completing various tasks. Among other things it encourages you to read up on white papers, carry out lab work (Hands-on-labs), watch training and informational materials and thus rewarding you with points for you and your team. What is also great is points really do mean prizes!
Updating vCenter Server certificates has always been a pain - it has only got worse with the sheer number of services that are running under vSphere 5.1 - each service requiring a unique certificate and to be installed in many complex steps. Fortunately , with the release of the SSL Certificate Automation Tool, VMware have gone some way to reducing the headache. Gather all the components you need OpenSSL installer: http://slproweb.