#VMworld2015: vRealize Automation 7 Briefing Notes

vmworld2015-logoI was fortunate to attend a vExpert briefing for vRA.Next, which was announced this morning to be vRealize Automation 7. The briefing was run by Jad El-Zein (@virtualjad) along with Grant Orchard (@grantorchard), Brian Graf (@vbriangraf), Kimberly Delgado (@KCDAutomate) and Jon Schulman (@vaficionado) – if that list of names doesn’t fill you with confidence for vRA.Next, then I suggest you follow them on twitter and trust me that it’s a crack team!


#VMworld2015: VCIX-NV Exam Experience

| 12/10/2015 | Tags: , , , , , ,

vmworld2015-logoFor the last few years at VMworld I’ve taken advantage of the discounted exam price and booked a “have-a-go” exam – typically an exam I’ve been wanting to do but not necessarily had the time I wanted to study for it. Since I have been fairly immersed in the NSX world for the last week, sitting in an NSX design and deploy class and surrounded by some very smart networking guys, I changed my “have-a-go” exam from the VCP6-CMA to the VCIX-NV.

The exam experience was a double edged sword – on the one hand I really enjoyed the tasks and found all the questions to be fair. On the other hand I found the latency and the interface to be a real struggle, I needed to reload the web interface 20-30 times, each time costing me 30 seconds – that’s 10-15 minutes of wasted time. I also had to be swapped over to another terminal because mine crashed, with 10 minutes to go to the end.

The exam room was cold…very cold. Nearly four hours in a t-shirt in a heavily air-conditioned room and I was shivering. I should’ve learned from the last time but I didn’t! It’s also a long time to go without a drink too – I was gasping by the time I left.

My initial impression was that I’d failed the exam – I didn’t complete several (3-4) of the questions and I made a mistake early on which I had to spend a long time unpicking. After and hour and 20 minutes I’d only completed 4 of the 18 questions. So when I hit the “finish” button I assumed I’d have a 10 day wait for a failure – fortunately the exam was marked and the result sent to me a couple of hours after the exam was completed, a pass with a decent score Smile

I’d recommend anyone planning to do the exam to go through the blueprint – Martijn Smit (@smitmartijn) has a great VCIX-NV study guide based on the blueprint which you can also download in PDF format. There are two VMware Hands On Labs that cover all of the blueprint functionality, so I would strongly recommend doing those too – and you can do the HOL but not follow any of the guides – break it and fix it.

Building a vRealize Automation NSX Lab on Ravello

imageAs a vExpert, I am blessed to get 1000 CPU hours access to Ravello’s awesome platform and recently I’ve been playing with the AutoLab deployments tailored for Ravello.

If you’re unfamiliar with Ravello’s offering (where have you been?!) then it’s basically a custom hypervisor (HVX) running on either AWS or Google Cloud that allows you to run nested environments on those platforms. I did say it’s awesome.

As an avid home-lab enthusiast Ravello initially felt weird, but having used it for a while I can definitely see the potential to augment, and in some cases completely replace the home lab. I spent some time going through Nigel Poulton’s AWS course on Pluralsight to get a better understanding of the AWS platform and I think that helped, but it’s definitely not required to get started on Ravello.

One more thing to add before I start the setup – even if I didn’t have 1000 hours free, the pricing model means that you could run your lab on Ravello for a fraction of the cost of a higher spec home lab. It’s definitely an option to consider unless you’re running your lab 24/7.


Unable to connect NSX to Lookup Service when using a vSphere 6 subordinate certificate authority (VMCA)

After deploying a new vSphere 6 vCenter Server Appliance (VCSA) and configuring the Platform Services Controller (PSC) to act as a subordinate Certificate Authority (CS), I was unable to register the NSX Manager to the Lookup Service. Try saying that fast after a pint or two!?

Attempting to register NSX to the Lookup Service would result in the following error:

NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified )


Initially I thought that the NSX manager needed to somehow import the VMCA certificate to trust the Lookup Service certificate, however after reaching out to the NBSU ambassadors list I had a reply from Julienne Pham, a Technical Solutions Architect and CTO Ambassador with VMware Professional Services, who pointed me to the correct solution.

It seems that changing the PSC and vCenter certificates (even with the Certificate Manager tool) does not correctly update the service registration information. To quote VMware KB 2109074:

…the vCenter Server system uses a new certificate, but the service registration information on the Platform Services Controller is not updated

To resolve this issue, we need to use the script to register the services correctly. (more…)

VMworld 2014: VCP NV Exam Experience

| 15/10/2014 | Tags: , , , , , ,


It is with great relief that I can announce I have passed my VCP NV (Network Virtualisation) having been caught out by the difficulty of the exam and failing previously.

Exam Preparation

I was fortunate to attend a VMware internal bootcamp (roughly equivalent to the ICM course) for NSX and have had experience deploying production NSX environments, so that is by far the best preparation. As always, the exam blueprint is crucial, you *have* to know all areas covered there. I’ve also been reading the documentation and design and deploy guides published by VMware, and completed the basic and advanced hands on labs that are also freely available. On top of that there is the official practice exam which I strongly suggest you do as it reflects the real exam well, and there are a series of fantastic practice tests by Paul McSharry available while provide a decent test of knowledge.

Exam Experience

It’s a typical VMware VCP level exam consisting of 120 multiple choice questions with 120 minutes to answer them. That’s 1m per question, it may not sound a lot but there are plenty of questions you will answer in seconds. I completed the exam in about 1h25m. Other than that there’s not a huge amount to say about the exam itself due to NDAs!

Advice for takers

Study the blueprint, it really does cover everything you need!
It seems obvious, but know the packet walks and understand how encapsulation changes packets
Have a clear and precise understanding of the components and architecture, and what the use cases are
If you have access to the binaries, install, break, fix, remove, repeat! If not, HOL, you don’t have to follow the guides, you can do your own thing.

Next steps

My score wasn’t great (a pass is a pass right?) so I’m keen to go back over some weaker areas to start with. I am definitely going to look at recertifying my expired CCNA, as this is really good knowledge to take into any NSX engagement. With the VCIX exam recently released, I’ll look towards that also. Finally, lots of lab work with vCAC 6.1 and NSX to really maximise its potential. NSX shines when you see it automated.

Configuring a remote access SSL VPN with VMware NSX

| 11/09/2014 | Tags: , , , , , ,

The NSX Edge Gateway comes pre-armed with the ability to provide an SSL VPN for remote access into your network. This isn’t a new feature (SSL VPN was available in vCloud Networking and Security), but it’s worth a run through. I’m configuring remote access to my Lab, since it’s often useful to access it when on a client site, but traditional VPN connections are often blocked on corporate networks where HTTPS isn’t. (more…)

vCAC 6.0 build-out to distributed model – Part 3.2: Configure load balancing with NSX

This is the second part of the 3rd article in a series about how to build-out a simple vCAC 6 installation to a distributed model.

By the end of this part, we will not have modified the vCAC deployment in any way, we’ll just have 3 configured load balanced URLs


vCAC Simple Install with vPostgres deployed and load balancers prepared

An overview of the steps required are below:

  • Issue and install certificates
  • Deploy an external vPostgres appliance and migrate the vCAC database
  • Configure load balancing
  • Deploy a second vCAC appliance and configure clustering
  • Install and configure additional IaaS server
  • Deploy vCenter Orchestrator Appliance cluster


vCAC 6.0 build-out to distributed model – Part 3.1: Configure Load Balancing with vCNS

This is the first part of the 3rd article in a series about how to build-out a simple vCAC 6 installation to a distributed model.

By the end of this part, we will not have modified the vCAC deployment in any way, we’ll just have 3 configured load balanced URLs


vCAC simple configuration with vPostgres and Load Balancers prepared

An overview of the steps required are below:

  • Issue and install certificates
  • Deploy an external vPostgres appliance and migrate the vCAC database
  • Configure load balancing
  • Deploy a second vCAC appliance and configure clustering
  • Install and configure additional IaaS server
  • Deploy vCenter Orchestrator Appliance cluster


VMworld Europe 2013 – Day 1

| 15/10/2013 | Tags: , , ,

VMworld 2013 - Watch The KeynotesI flew from Gatwick to Barcelona last night to my very first VMworld!

I’m staying in a hotel that is actually quite far from the conference, it’s a metro, train and bus journey away from the conference center and it takes about 40 minutes to get here. On the plus side I was only 5 minutes away from the VMUG party last night so I went over there for an hour or so. Note for future years – stay a little closer to the conference!

General Session

The keynote session was a very slick presentation (think lasers and smoke) from VMware’s CEO Pat Gelslinger with various guests laying out VMware’s vision for the future of the Software Designed DataCenter (SDDC). You can watch the general session here, if you’re interested.

Bloggers zone

If I was to pick one word to describe how I feel after a couple of hours at my very first VMworld, it would have to be “overwhelmed”. This place is massive and there are 8500 people here. I definitely felt a bit lost and isolated, but fortunately I found some familiar faces in the the Bloggers area. Great chats with @dawoo, @greggrobertson5, @vmfcraig, @egrigson and @gurusimran. Massive relief to finally find some people I know (at least from Twitter and LonVMUG). It was good to have some discussions around VCAP exams and also the VCDX process – it’s all very topical and relevant for me as I look towards taking the DCD and moving on to the VCDX process.

#net5716 – Advanced VMware NSX Architecture with Bruce Davie

NSX is an area I am very interested in learning about, and this session provided an overview of NSX and how it’s designed for scalability, how the nuts and bolts of that works (e.g. distributed services) and also how it interacts with physical VTEPs. I found the presenter engaging and the content was really good. The session was absolutely packed and there was plenty of interaction.

#vsvc4811 – Extreme Performance Series: Monster Virtual Machines with Peter Boone and Seongbeom Kim

This session kicked off with a good overview of various memory and processor management techniques. Overall I found this session quite dry with a lot of info and detail, but there’s not much to spice it up. Very good understanding of NUMA/vNUMA and how they affect performance of huge 64 vCPU machines – and also some good info regarding the vSocket/vCore discussion I had with @vmfcraig and @simoneady earlier this year.

Solutions Exchange

I spent some time wandering round the Solutions Exchange, which had some very in-your-face methods of attracting your attention and trying to get your badge scanned. It struck me a pretty shoddy to still be using pretty young girls to attract the primarily male geeks to a stand, but it’s effective – it’s much harder to be rude to one!  I attempted to sit in on a couple of talks with vendors but found the hall too noisy to hear properly, with vendors seeming to compete with each other with loud and over-enthusiastic pitches! There’s a huge range of technology and solutions on offer,  if you can get past the sales patter.

#vBrownbag Unsupported with William Lam

It was great to listen to @lamw doing his unsupported session with some really useful tips on how to evaluate vSphere 5.5. He demoed vmtools for nested ESXi which is awesome, as well as some vCenter Simulator features in the VCSA. Definitely some things to try out in the DefinIT lab, the session should be available on the #vBrownbag feed soon.


Tonight is the vExpert reception which should be a great networking opportunity so I’m looking forward to that. I am hoping to get a relatively early night as today has been packed and tomorrow promises to be just as, if not more gruelling. Promise I’ll try and get some pictures taken tomorrow!