DefinIT

vCAC 6.0 build-out to distributed model – Part 3.1: Configure Load Balancing with vCNS

This is the first part of the 3rd article in a series about how to build-out a simple vCAC 6 installation to a distributed model.

By the end of this part, we will not have modified the vCAC deployment in any way; we’ll just have 3 configured load balanced URLs.

vCAC simple configuration with vPostgres and Load Balancers prepared

An overview of the steps required is below:

  • Issue and install certificates
  • Deploy an external vPostgres appliance and migrate the vCAC database
  • Configure load balancing
  • Deploy a second vCAC appliance and configure clustering
  • Install and configure additional IaaS server
  • Deploy vCenter Orchestrator Appliance cluster

VCAC 6.0 build-out to distributed model – Part 1: Certificates

This is the first article in a series about how to build-out a simple vCAC 6 installation to a distributed model.

Simple vCAC deployment

In a simple installation you have the Identity Appliance, the vCAC appliance (which includes a vPostgres DB and vCenter Orchestrator instance) and an IaaS server. The distributed model still has a single Identity Appliance but clusters 2 or more vCAC appliances behind a load balancer, backed by a separate vPostgres database appliance. The IaaS components are installed on 2 or more IaaS Windows servers and are load balanced, backed by an external MSSQL database. Additionally, the vCenter Orchestrator appliance is used in a failover cluster, backed by the external vPostgres database appliance.

The distributed model can improve availability, redundancy, disaster recovery and performance; however, it is more complex to install and manage, and there are still single points of failure – e.g. the vPostgres database is not highly available and although protected by vSphere HA could be the cause of an outage. Clustering the database would provide an improved level of availability but may not be supported by VMware. Similarly the Identity Appliance is currently a single point of failure, although there are also options for high availability there too.

An overview of the steps required is below:

  • Issue and install certificates
  • Deploy an external vPostgres appliance and migrate the vCAC database
  • Configure load balancing
  • Deploy a second vCAC appliance and configure clustering
  • Install and configure additional IaaS server
  • Deploy vCenter Orchestrator Appliance cluster

Book review: Networking for VMware Administrators

I recently got my hands on a copy* of Chris Wahl and Steve Pantol’s Networking for VMware Administrators and was very keen to read it – especially given the reputation of the authors. I came to the book as someone who is at CCNA level (although now expired) and someone who regularly designs complex VMware networks using standard and distributed switches. I would class myself as having a fairly decent understanding of networking, though not a networking specialist.

The book starts out from a really basic level explaining OSI, what a protocol is etc. and builds on the foundation set out as it progresses. Part I of the book gives a really good explanation of not only the basics of networking, but a lot of the “why” as well. If you’ve done CCNA level networking exams then you will know most of this stuff – but it’s always good to refresh, and maybe cover any gaps.

Part II of the book translates the foundations set out in Part I into the virtual world and takes you through the similarities and differences between virtual and physical. It gives a good overview of the vSphere Standard Switch (VSS) and vSphere Distributed Switch (vDS) and even has a chapter on the Cisco 1000v. One of the really useful parts of the book is the lab examples and designs, which take you through the design process and considerations to get to the solution.

Definit authors awarded vExpert 2014

01/04/2014

It was with great honor that both Sam and I were awarded vExpert 2014 (my first and Sam’s second award!). We are both proud to be listed alongside so many others in the vExpert programme.

You can view the announcement and the full list here – http://blogs.vmware.com/vmtn/2014/04/vexpert-2014-announcement.html

Generating and Installing CA Signed Certificates for VMware SRM 5.5

I’m fairly new to SRM, but even so this one seemed like a real head-scratcher! If you happen to be using CA signed certificates on your “protected site” vCenter and “recovery site” vCenter servers, when you come to linking the two SRM sites you encounter SSLHandShake errors – basically SRM assumes you want to use certificates for authentication because you’re using signed certificates. If you use the default self-signed certificates, SRM will default to using password authentication (see SRM Authentication). Where the process fails is during the “configure connection” stage, if either one of your vCenter servers does not have a CA signed certificate and the other does (throws an error that they are using different authentication methods) or if you are using self-signed certificates for either SRM installation (throws an error that the certificate or CA could not be trusted).

SRM server ‘vc-02.definit.local’ cannot do a pair operation. The reason is: Local and remote servers are using different authentication methods.

VCSA 5.5 Web Client fails to log on with “SSL certificate verification failed”

This had me scratching my head: what seemed to be a common problem wasn’t fixed by the common solution. It was actually my fault – too familiar with the product and setting things up too quickly to test.

I installed a VCSA 5.5 instance in my lab as a secondary site for some testing and during the process found I couldn’t log on to the web client – it failed with the error:

Failed to connect to VMware Lookup Service https://vCVA_IP_address:7444/lookupservice/sdk – SSL certificate verification failed.

There are several VMware KB articles about this (2033338 and 2058430) which point to regenerating the SSL certificate as the solution to this – unfortunately in my case it didn’t seem to work.

I had a closer look at the certificate being generated and noticed that the Subject Name was malformed “CN=vc-02.definit.loca” – that led me to the network config of the VCSA. I’d entered the FQDN into the “host name” field, which was in turn being passed to the certificate generation, truncated and throwing the SSL error. Changing the FQDN back to the host name “VC-02” and regenerating the certificate resolved the issue.

If you do have to follow that process, remember to disable the SSL certificate regeneration after it’s fixed – otherwise you’ll suffer slow boot times!

I’ll put that one down to over-familiarity with the product!
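
The check that would have caught this early, as an added example (not part of the original post): compare the CN in the certificate's subject line with the FQDN clients connect to, and tell a truncated name apart from a short host name or an unrelated one. The function names and sample subject lines are constructed for illustration; the subject line itself is what `openssl x509 -noout -subject` prints.

```shell
#!/usr/bin/env bash
# Added example. To get the subject from a live service (port from the error above):
#   openssl s_client -connect <host>:7444 </dev/null 2>/dev/null | openssl x509 -noout -subject

# Extract the CN from an openssl subject line.
# Handles both "subject=CN = host" and "subject= /C=GB/CN=host" layouts.
cn_from_subject() {
    printf '%s\n' "$1" | sed -n 's/^.*CN *= *\([^,/]*\).*$/\1/p'
}

# Compare the certificate CN with the expected FQDN (case-insensitive).
# Prints one of: match | truncated | short-name | mismatch | no-cn
classify_cn() {
    local cn fqdn rest
    cn=$(cn_from_subject "$1" | tr '[:upper:]' '[:lower:]')
    fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$cn" ]; then
        echo "no-cn"
        return
    fi
    if [ "$cn" = "$fqdn" ]; then
        echo "match"
        return
    fi
    rest=${fqdn#"$cn"}            # what is left of the FQDN after removing the CN prefix
    if [ "$rest" = "$fqdn" ]; then
        echo "mismatch"           # CN is not a prefix of the FQDN at all
        return
    fi
    case "$rest" in
        .*) echo "short-name" ;;  # CN stops on a label boundary, e.g. "vc-02"
        *)  echo "truncated"  ;;  # CN stops mid-label, e.g. "...definit.loca"
    esac
}

# Constructed sample subject lines, checked against the expected FQDN.
expected="vc-02.definit.local"
for subject in \
    "subject=CN = vc-02.definit.loca" \
    "subject= /C=GB/CN=VC-02.definit.local" \
    "subject=CN = vc-02"
do
    printf '%-45s %s\n' "$subject" "$(classify_cn "$subject" "$expected")"
done
```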

VCP5-IaaS – Exam experience

17/01/2014

So this morning I took the VMware Infrastructure as a Service exam (VCPVCD510) to gain the VCP5-Cloud qualification. The IaaS exam is available for existing VCP5-DCV holders to take without any other pre-requisites. I am very pleased to say I finished the exam in good time and scored 466/500 – the pass mark is 300.

How to Virtualize Mac OS X using ESXi 5.1

As a proof of concept I recently tried to virtualize OS X (Mountain Lion) – It is important to note that VMware is now licensed to do so and you can read more here.

The following is an overview of the steps I followed to achieve my goal; in some cases it was trial and error, as I am not a regular Mac user.

The Hardware

As OS X requires Apple hardware to run, you will have to find yourself a Mac that will install and run ESXi. You can check VMware’s HCL; even though the results only listed MacPro5,1, I was able to run ESXi 5.1 on a MacPro4,1. I did try it on an earlier MacPro but no joy. For this proof of concept test I have the following hardware:

  • 2x 4core MacPro4,1
  • 7GB Ram
  • Single 1TB SATA Drive

I am also aware others have used Mac minis as lab machines but I will not cover that here.

ESXi installation

The installation is simple: burn an ISO with ESXi 5.1, boot the MacPro from the CD and then follow the usual steps to deploy ESXi.

Note – if you find nothing happens and you end up with a black screen with “Select CD-ROM boot type”, it’s likely your MacPro cannot run ESXi, though I have read a few articles where individuals have performed firmware updates etc.

Once you have ESXi installed, configure it in whatever fashion you wish (a static IP is never a bad idea).

Installing and configuring VMware Infrastructure Navigator 5.8

According to VMware, Infrastructure Navigator is

…a component of the VMware vCenter Operations Management Suite. It automatically discovers application services, visualizes relationships and maps dependencies of applications on virtualized compute, storage and network resources.

Effectively it takes a look at the network connections that are running between your VMs (and physical servers) and works out which applications and services are running on each, and the dependencies – both upstream and downstream – for each VM.

This is particularly useful in large enterprise environments where perhaps application developers have not (shock) documented the dependencies for a particular application. I can think of several times when I’ve been 100% confident that (according to all the documentation provided) I can decommission a server, or the service running on a server, only to have to turn it back on due to a production outage – because an un-documented dependency exists.

Effectively, Infrastructure Navigator leverages VMware Tools to run a netstat command on each VM and work out what connections are being used. It comes with a library of already classified services – e.g. MSSQL running on port 1433 is a pretty obvious service. Non-classified services (or services configured for running on a non-standard port) can be easily added to the library to build up a detailed picture of which VMs depend on each other (as well as “unmanaged” servers/services that are out of the scope of vCenter).