My Top 3 Favorite/Informative UEM Community Forum Discussions – April/May 2017 – IVANDEMES

Auditing the VMware UEM Configuration Share – IVANDEMES

Exporting/Importing Time Zone settings using VMware UEM – IVANDEMES

My Top 3 Favorite/Informative UEM Community Forum Discussions – June 2017 – IVANDEMES

My Top 3 Favorite/Informative UEM Community Forum Discussions – July 2017 – IVANDEMES

There are some situations in which you need to trace an issue, resolve a conflict, deploy in a predictable manner, or you have to respond quickly to changes in customer requirements and technology. These situations are often unpredictable and stressful. You may suddenly find yourself fixing the same issues again and again. In a blog post series we will try to identify what struggles you may face while working with vRO and how to address them with less effort and for less time.

Struggle 1: You think you have fixed an issue and it suddenly shows up again. Later, it turns out that someone else, in a good will, has changed the same workflow fixing another issue but overriding your changes.

Struggle 2: A colleague leaves the company and now you have to support his workflow. You have no idea what this workflow is about and how it works. You spend a lot of time trying to understand it and still have some troubles with it. And on top of that, you receive a request from the customer to add a new feature or a bug fix to it.

Struggle 3: You wrote a workflow 2 years ago and now you want to extend its functionality while keeping the old features working. You do the change and send it for testing, everything is fine. A week later, the QA comes with a report and tells you about a use case scenario that does not work any more.

Struggle 4: A solution works flawlessly in your development vRO environment but it does not work in staging. So, you go through each workflow and try to find why. It is like Spot 10 Differences but instead of comparing two pictures you compare two environments, and it takes a lot of time.

Struggle 5: You have to prepare a release package, but every time you miss an action or a resource element and you try to deploy to the staging environment, the package does not work. Or you pull everything from one environment and move it to another, and you are ready 2 weeks before the release. But one feature is still not working as it turns out to be more complex than you originally thought.

If you have ever experienced any of the situations above, you will find this blog post series extremely useful. We will show you how to address these problems by using different techniques and tools. We will focus on the DevOps toolchain phases from Code to Continuous Delivery, we will not discuss how you plan what to do or how you operate the solution.

Once you set up and configure your development environment, it will be really easy to follow the development process, as most of its steps are actually automated. In most cases, you will only interact with your development environment and when ready, you will push the changes to a source code control system, get an approval, and the fix or feature will go to production with no human intervention.

Here are some of the topics we will cover in this blog post series:

1. Setting up Development environment and Source code control system
2. Setting up Continuous Integration and Dependency management
3. Setting up Continuous Delivery
4. What principles to follow in architecting your solution and how the tools will support you
5. Why you should write in Javascript and how to do it properly

Stay tuned!

Create a simple stateless desktop for testing using VMware Workstation – IVANDEMES

Live Search VMware UEM Community Templates – IVANDEMES

PowerCLI を楽しむべく、プロンプト文字列を工夫してみようと思います。

以前、下記のような投稿をしましたが・・・

PowerCLI のプロンプト文字列「PowerCLI>」について。

これを応用して、vCenter / ESXi への接続状態によって「PowerCLI」の色を変更してみます。

ということで、

まず下記のような PowerShell スクリプト「set_powercli_prompt.ps1」を

適当なフォルダ（「ドキュメント」配下など、今後も配置しておける場所）に作成しておきます。

ドット スペース「. 」からはじまる1 行目は、通常 PowerCLI が起動時に読み込むスクリプトを読み込んでいます。

そして、$global:DefaultVIServers 変数をもとに、接続している（IsConnected が Trueである）vCenter / ESXi が

1台でもあれば、プロンプトの文字列色を Green に、それ以外の場合は DarkCyan にします。

set_powercli_prompt.ps1

. "C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1"

Clear-Host

 

function prompt{

    $vc_all = $global:DefaultVIServers

    $vc_connected = $vc_all | where {$_.IsConnected -eq $True}

    if($vc_connected.Count -ge 1){

        $prompt_color = "Green"

    }else{

        $prompt_color = "DarkCyan"

    }

    Write-Host "PowerCLI" -NoNewLine -ForegroundColor $prompt_color

    Write-Host ">" -NoNewLine -ForegroundColor "Gray"

    return " "

}

そして、下記のスクリプトを読み込んで PowerShell を起動するショートカットを作成します。

今回は下記のスクリプトで、デスクトップに「PowerCLI」というショートカットを作成しました。

このスクリプトは上記のものと同じフォルダに配置して、実行します。

create_powercli_shortcut.ps1

$tool_name = "PowerCLI"

$profile_script_name = "set_powercli_prompt.ps1"

 

$shortcut_dir = Join-Path $HOME "Desktop"

$shortcut_path = Join-Path $shortcut_dir ($tool_name + ".lnk")

 

$tool_work_dir = (ls $PSCommandPath).DirectoryName

$profile_path = Join-Path $tool_work_dir $profile_script_name

 

$ps = "powershell"

$ps_argument = ("-NoExit", "-File",  $profile_path) -join " "

 

$wsh = New-Object -ComObject WScript.Shell

$shortcut = $wsh.CreateShortcut($shortcut_path)

$shortcut.TargetPath = $ps

$shortcut.Arguments = $ps_argument

$shortcut.WorkingDirectory = (ls $profile_path).DirectoryName

$shortcut.Save()

上記の「create_powercli_shortcut.ps1」スクリプトを実行すると、

デスクトップに PowerCLI ショートカットが作成されます。

このショートカットは、powershell.exe を下記2つのオプションで起動するだけのものです。

• -NoExit
• -File ～\set_powercli_prompt.ps1  ※プロンプトを変更するスクリプトを指定する。

このショートカットを起動すると、プロンプトが「PowerCLI>」となった PowerShell が起動されます。

そして、Connect-VIServer で vCenter / ESXi に接続すると、プロンプトの色が変わります。

今回の例だと、vCenter 接続中だけ「PowerCLI」が Green になっています。

さらに工夫すれば、接続先の vCenter / ESXi の情報をプロンプトに反映したりすることもできます。

（しかしその分レスポンスに影響するので、やりすぎ注意・・・）

なお今回は、Windows 10 + PowerCLI 6.5 R1 の環境でしか動作を試してません。

以上、PowerCLI のプロンプトを工夫してみる話でした。

PowerNSX を楽しむべく、NSX Manager と vCenter の接続状態をもとに

プロンプト文字列の色を変更してみようと思います。

PowerCLI + vCenter 接続のケースはこちらもどうぞ。

PowerCLI プロンプト文字列に vCenter への接続状態を反映してみる。

今回は、下記の前提です。

• PowerCLI はインストール済み。
• PowerNSX はインストール済み。
• Windows 10 環境で実行。

ということで、

まず下記のような PowerShell スクリプト「set_powernsx_prompt.ps1」を

適当なフォルダ（「ドキュメント」配下など、今後も配置しておける場所）に作成しておきます。

vCenter と NSX Manager の接続状態が自動格納される変数である

$global:DefaultVIServer と $DefaultNSXConnection をもとに、下記のようにプロンプトの色を変更します。

• NSX Manager と vCenter 両方に接続できていたら Cyan
• NSX Manager が連携している vCenter と、接続している vCenter が違ったら怪しいので Red
• NSX Manger だけに接続できていたら DarkCyan
• vCenter だけに接続できていたら Green
• 未接続は Gray

残念ながら、複数台の vCenter に同時接続するケースにはちゃんと対応してません。

set_powernsx_prompt.ps1

$module_list = @(

    "VMware.VimAutomation.Core",

    "VMware.VimAutomation.Vds",

    "PowerNSX"

)

Import-Module $module_list

 

$window_width  = 120

$window_height = 40

$window_buffer = 3000

 

$pshost = Get-Host

$pswindow = $pshost.ui.rawui

 

$pswindow.WindowTitle = "PowerNSX"

 

$newsize = $pswindow.buffersize 

$newsize.height = $window_buffer

$newsize.width = $window_width 

$pswindow.buffersize = $newsize 

 

$newsize = $pswindow.windowsize 

$newsize.height = $window_height 

$newsize.width = $window_width 

$pswindow.windowsize = $newsize

 

Clear-Host

$module = Get-Module -Name PowerNSX

 

Write-Host ""

Write-Host "Welcome to " -NoNewLine

Write-Host $module.Name -foregroundcolor Cyan

Write-Host $module.ProjectUri

Write-Host ""

Write-Host $module.Copyright

Write-Host ""

Write-Host $module.Description

Write-Host ""

(Get-Module $module_list | ft -AutoSize  Name,Version -HideTableHeaders | Out-String).trim()

Write-Host ""

Write-Host "Log in to a vCenter Server and NSX Mnager: "

Write-Host "  Connect-NsxServer -vCenterServer <vCenter Server>" -foregroundcolor yellow

Write-Host ""

 

function prompt{

    $vc = $global:DefaultVIServer

    $nsx = $DefaultNSXConnection

    if(($vc.IsConnected -eq $True) -and ($nsx.Server -ne $null)){

        $prompt_color = "Cyan"

        if($vc.Name -ne $nsx.VIConnection){

            $prompt_color = "Red"

        }

    }

    elseif(($vc.IsConnected -ne $True) -and ($nsx.Server -ne $null)){

        $prompt_color = "DarkCyan"

    }

    elseif(($vc.IsConnected -eq $True) -and ($nsx.Server -eq $null)){

        $prompt_color = "Green"

    }

    else{

        $prompt_color = "Gray"

    }   

    Write-Host "PowerNSX" -NoNewLine -ForegroundColor $prompt_color

    Write-Host ">" -NoNewline

    return " "

}

ついでに、set_powernsx_prompt.ps1 を読み込んで PowerShell を起動するショートカットを作成します。

今回は下記のスクリプトで、デスクトップに「PowerNSX」というショートカットを作成しました。

このスクリプトは上記のスクリプトと同じフォルダに配置して、実行します。

実行するとき、PowerShell の ExecutionPolicy は

スクリプト実行できる設定（RemoteSigned など）にしておきます。

# デスクトップに PowerNSX のショートカットを作成する。

 

$tool_name = "PowerNSX"

$profile_script_name = "set_powernsx_prompt.ps1"

 

$shortcut_dir = Join-Path $HOME "Desktop"

$shortcut_path = Join-Path $shortcut_dir ($tool_name + ".lnk")

 

$tool_work_dir = (ls $PSCommandPath).DirectoryName

$profile_path = Join-Path $tool_work_dir $profile_script_name

 

$ps = "powershell"

$ps_argument = ("-NoExit", "-File",  $profile_path) -join " "

 

$wsh = New-Object -ComObject WScript.Shell

$shortcut = $wsh.CreateShortcut($shortcut_path)

$shortcut.TargetPath = $ps

$shortcut.Arguments = $ps_argument

$shortcut.WorkingDirectory = (ls $profile_path).DirectoryName

$shortcut.Save()

作成した PowerNSX ショートカットをダブルクリックすると、下記のような感じになると思います。

ためしにインストールされた PowerNSX / PowerCLI についての情報も表示してみました。

これで、Connect-NsxServer で接続すると、冒頭のスクリーンショットのようにプロンプト色がかわります。

ラボ環境の NSX などでお楽しみいただければと思います・・・

以上、PowerNSX のプロンプトを工夫してみる話でした。

By design, vRealize Orchestrator (vRO) is an IT process automation tool that makes IT operations faster and less error-prone. However, to get the best out of vRO, you need to know how to overcome the most common challenges you may come across. In this blog, we will focus on how to properly set up your development environment and source code control system (SCCS) to gain full traceability of your development process and be able to resolve conflicts.

As with any type of software development, it all starts with an integrated development environment (IDE) and a SCCS. With vRO, the easiest way is not to change the vRO client with another IDE for developing workflows and actions, but just integrate a SCCS with it and define their interaction.

Depending on how much control you want to have over what you are doing, the interaction between the SCCS and vRO can be manual, semi-automated, and automated. The more manual the interaction is, the more control you will have; and you will be able to use all features of the SCCS. The more automated the interaction is, the more limited you will be on what you can do, especially if you use the fully automated one button approach.

In this post, we will focus on the manual, full-control approach, because if you are doing something serious, which as a reader of this blog I believe you do, the best is to have full control over your source code.

So, let's get started. You have to create a vRO package and put it under version control.

Initial project setup

Create an initial vRO package and store it on your file system

To create an initial vRO package, you need a vRO server and a vRO client.

1. In the Orchestrator client, create a package and add the initial content to the package. See Create a Package in the vRO official documentation.
   
2. Right-click the package and select Expand package to folder.
3. Choose a folder where you want to store your project files. It can be local or remote.
4. Uncheck Export version history.

Although this feature may sounds useful, the expanded package cannot be build with the version history. So, it will just add more unnecessary files.

   5.  Click Save.

        The vRO client generates a pom.xml file.

Now, you have to modify the generated pom.xml file to generate your package from the initial project files.

Modify the generated pom.xml file

1. Navigate to your project folder.
   The folder structure will look like this:
   
2. Open the generated pom.xml.

        The pom.xml will look like this:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">  <modelVersion>4.0.0</modelVersion>  <!--  Maybe you'd like to change this to point to your organization's groupId-->  <groupId>workflow-designer-exported</groupId>  <artifactId>com.vmware.pscoe.demo</artifactId>  <packaging>package</packaging>  <version>1.0.0-SNAPSHOT</version>  <properties>    <keystoreLocation>--Specify me--</keystoreLocation>    <keystorePassword>--Specify me--</keystorePassword>    <vco.version>7.3.0.5481809</vco.version>    <!-- change to vf for releases: it will lock the workflows -->    <allowedMask>vef</allowedMask>  </properties>  <repositories>    <repository>      <id>added-by-archetype</id>      <name>This repo was added by the 'Expand to file system'</name>      <url>https://172.16.202.131:8281/vco-repo</url>    </repository>  </repositories>  <pluginRepositories>    <pluginRepository>      <id>added-by-archetype</id>      <name>This repo was added by the 'Expand to file system'</name>      <url>https://172.16.202.131:8281/vco-repo</url>    </pluginRepository>  </pluginRepositories>  <build>    <plugins>      <plugin>        <groupId>com.vmware.o11n.mojo.pkg</groupId>        <artifactId>maven-o11n-package-plugin</artifactId>        <version>${vco.version}</version>        <extensions>true</extensions>        <configuration>          <packageName>com.vmware.pscoe.demo</packageName>          <!-- Set the local path to the *.vmokeystore file used to sign the content -->          <keystoreLocation>${keystoreLocation}</keystoreLocation>          <keystorePassword>${keystorePassword}</keystorePassword>          <includes>            <include>**/*.element_info.xml</include>          </includes>          <packageFileName>${project.artifactId}-${project.version}</packageFileName>          <allowedMask>${allowedMask}</allowedMask>          <exportVersionHistory>false</exportVersionHistory>        </configuration>      </plugin>    </plugins>  </build></project>

  3.   Modify the Keystore location and password.

        The keystone contains the certificate used to sign the package when creating it. In this case, generate an example self-signed certificate in a keystone following the procedure.

1. Generate the keystore.

   keytool -genkey -keyalg RSA -alias_DunesRSA_Alias_ -keystore example.keystore -storepass password123 -validity 3650 -keysize 2048

2. Answer the questions.
3. Modify the pom.xml

   <keystoreLocation>example.keystore</keystoreLocation> <keystorePassword>password123</keystorePassword>

For production usage, use real certificates.

  4.  Modify the vRO Version.

       The vRO version is used as a version of the vRO maven plug-in and it needs to correspond to the version of the artifact in the maven repository. In this case, we are using vRO as a maven repository.

1. Replace the IP address with the hostname/IP address of your server in the URL - https://172.16.202.131:8281/vco-repo/com/vmware/o11n/mojo/pkg/maven-o11n-package-plugin/.
2. Go to the URL and check the plug-in version. In this case, it shows 7.3.0:
   

          c.  Change the version in the pom.xml to 7.3.0.

Build the vRO package

Build the package from the project sources using mvn. Navigate to your project folder and run the command:

If you use vRO as a repository, you have to change the self-signed certificates on the vRO server. Otherwise, use the -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true parameters.

Verify the build

Verify that the command has produced a package in the target folder. 

Put the vRO content under source control

In theory, you can use any kind of SCCS, but here is used Github.

Create new repository

Push the changes

Now you are ready to push changes to your Github repository. This is just an example on how to do it:

Continuous Development

Once you have set up your project and added everything under source control, follow this procedure to do incremental changes to your project:

1. Create a branch in Git.
2. Checkout the branch using SourceTree or Git cli, or any other Git client.
3. Build the package and import it in vRO.
4. Fix an issue or implement a new feature.
5. "Expand" the package to your file system over the newly checkout branch.
6. Commit changes to your local branch. (Might do several commits, repeat the steps 5 and 6).
7. Push the branch to Git.
8. Create a Pull Request:
   1. Inspect the automatically generated diff;
   2. Add reviewers.
9. Reviewers inspect the diff and provide comments.
10. (Optional) Adopt the reviewers suggestions by making new commits with their changes.
11. Merge the Pull Request.
    
    

And there you have it!

Integrating your development environment and source code control system is the first step to proper software development in vRO. Adopting CI/CD will enable you to realize the full potential of agile development and delivery of use cases that fit better to the customers real needs. Following this series of blog posts will help you make it seamless and successful.

Stay tuned!

FROM THE EDITORS VIRTUAL DESK
Hi everyone, this week's newsletter I want to focus on  really great article that has just been posted to our VMware TAM Blog. The blog is titled '9 Tools You Should Be Using in Your VMware Environment' and I think is a really important read. As TAMs we are always stressing the importance of being pro-active, this is part of what we do, try and ensure that we foresee potential issues prior to them occuring and find a solution to mitigate them. There are many tools that we use as TAMs and recommend to our customers, this blog post summarizes many of these. Most of these tools are free, some however are not, however ensuring you gain the knowledge  which tools should be used and when they are most appropriate via your TAM is a great step on the way to being more pro-active and creating a more resiliant, well managed environment.

Please take a look at the blog post here and I wish you all a productive week ahead.

Virtually Yours
VMware TAM Team
Latest News | Twitter | Facebook | LinkedIn | Blog | Newsletter | Archive
-
TAM BLOG | TAM WEBCASTS |
(Kelly Dare) | (Michelle Kaiser) |

VMUG (Jodi Shely)
Full Webcasts List

NEWS AND DEVELOPMENTS FROM VMWARE
Certification Insights: Updating your Email and Account Information
Changing jobs is an exciting time, with lots of people to notify and documents to update. If you use your employer email address for your VMware Education & Certification (myLearn) account, you’ll want to make sure you change your account information before your last day. Here’s how: After you lo...

3 Reasons To Go Hybrid
Customers often view public clouds as a means to gain the agility to respond to changing business needs or accelerate innovation and align costs. While some customers will be completely based in the public cloud, the reality for many customers, if not most, is that they will have a mix of private...

This Earth Day – find out how much Carbon your virtualization infrastructure is avoiding!
Having pioneered the development of server virtualization, VMware has significantly increased the operational efficiency of IT resources. Server virtualization is a key element of cloud computing. It allows for elasticity through rapid provisioning and de-provisioning of services. By reducing the...

9 Tools You Should Be Using in Your VMware Environment
by Jason Boren One of the many things we do as TAMs is ensure that our customers don’t have “shelfware” lying around. If we spend money on something, we want to use it, right? What about software or tools that are free or included as part of a purchase, but are not well publicized? As we start a ...

Learn about vSphere 6.5 – and Win a Drone!
If you haven’t yet taken the Hands-on Lab for vSphere 6.5, now is the perfect time to do so. When it was originally released during VMworld 2016, this lab was running a pre-release version of vSphere. The HOL team has been hard at work, and they have just updated the lab to the officially release...

How to Reset Single Sign On Password in vSphere 6.x
Periodically we’ll be bringing you tech tips from our Technical Training team on topics they receive questions on from the field. Today’s post comes from Rohit Sachdeva a Technical Training Specialist. Rohit is very passionate about delivering VMware technical training. At VMware, he is responsib...

Globally Consistent Infrastructure-as-Code: Why it Matters
In my Radius post “Dissecting Cloud Architectures – Getting the Best of All Worlds,” I discussed the tradeoffs and use cases for choosing the right architecture for a given application or service. I speak with a lot of IT leaders that want to strategically leverage cloud services when possible, b...

vSphere Management Assistant Deprecation
Do you remember when the vSphere Management Assistant (vMA) was introduced? If you do then I’m sure you also remember the reason! Let’s go back to the days when ESXi was not around, remember ESX? ESX had a much larger service console and managing this service console was sometimes harder than it ...

New KB articles published for week ending 15th April 2017
VMware App Volumes Windows 10 Start menu does not work when a Writable Volume is attached Published Date: 2017/04/11 Outlook Search Indexing with App Volumes Published Date: 2017/04/10 VMware ESXi Host client throws Unhandled exception: Error: [$rootScope:inprog] http://errors.angularjs.org/1.3.2...

New Certification & Exams: VCP6.5-DCV
Introducing a new certification: VMware Certified Professional 6.5 – Data Center Virtualization ( VCP6.5-DCV ) VMware vSphere 6.5 enables companies to accelerate their digital transformation to cloud computing and introduces a number of new features and capabilities that increases business agilit...

Journey to the Cloud: Migration Webcast
Your boss is pressuring you about it, every article you read online mentions it, and now your customers expect it. So, what are you waiting for? It’s time to make the move – to the cloud .     Of course, as many organizations quickly discover, the realities of migrating to the cloud are not cut a...

ICSA Labs Certifies NSX Micro-segmentation Capabilities
VMware NSX has achieved ICSA labs Corporate Firewall Certification. With the release of NSX for vSphere® 6.3 , VMware has not only introduced several key security features such as Application Rule Manager and Endpoint Monitoring , which provide deep visibility into the application, and enable a r...

Migration Strategies for the Hybrid Cloud: An Essential Hybridity Guide
It’s a new month, and you know what that means: we’re back again with another edition of vCloud Architecture Toolkit for Service Providers (vCAT-SP) blog series! Every third week of the month, we publish a new article in our ongoing series detailing the many exciting use cases of the VMware vClou...

New VMware Security Advisory VMSA-2017-0008.1
Update 04/21/2017: Updated security advisory to clarify the Unified Access Gateway and Horizon View affected versions. Update 04/19/2017: We have corrected the Horizon View Client for Windows version. Today VMware has released the following new security advisory: VMSA-2017-0008.1 – VMware Unified...

401k, ROTH IRA, and NSX, Wait What?
Today is “ tax day ” here in the United States where the deadline to file your personal income taxes is due and many of us are looking at our tax burden, investments, and how to deal with the 4 million words in the U.S. tax code. So why not take this day to compare the complexity of taxes with th...

Taking the Complexity Out of Cloud Adoption with vCloud Air Hybrid Cloud Manager and Hybrid DMZ
According to recent polls , 92% of US IT professionals stated that adopting the cloud is vital to the long-term business success. Yet even with this brimming optimism, a staggering 90% of workloads today are executed outside of the cloud. The reason: cloud migration is complex .     We hear you. ...

VMware NSX Unplugged: Networking Field Day (#NFD15)
Being a product of the 90’s, one of my favorite past times was MTV’s “Unplugged” series. Whether it was Pearl Jam, or 10,000 Maniacs, or Eric Clapton, there was something about the acoustic, raw, uncut nature of the show that drew me in and made me look at my favorite bands in a new way. This is ...

VMware vSAN and the vCloud Air Network: New Features and Capabilities
By David Hill, Technologist & Evangelist for vCloud Service Provider Business Unit Recently VMware announced the general availability of VMware vSAN 6.6 . This release contains several new features and capabilities. At a high level the new features and capabilities are:   vSAN Encryption – Datast...

Weathervane, a benchmarking tool for virtualized infrastructure and the cloud, is now open source.
Weathervane is a performance benchmarking tool developed at VMware. It lets you assess the performance of your virtualized or cloud environment by driving a load against a realistic application and capturing relevant performance metrics. You might use it to compare the performance characteristics...

Firefox & Chrome Threats Top This Week’s Mobile News
Beware, Firefox and Chrome users. Wordfence reported this week that Firefox and Chrome web browsers are vulnerable to a new threat that lulls users into providing log-in credentials and personal information on fake look-alike sites. Read how to identity these fake sites and protect your personal ...

New Browser Security Threat: What You Need to Know
The latest cybersecurity threat to you and your users may just lie on the very browser you are using to read this article. A new attack is making the rounds on both Firefox and Chrome browsers (software details below). The threat uses Unicode to register domains that look completely identical to ...

3 New AirWatch How To Blogs: Apple DEP Enrollment, Per-App VPN 101 & Android Enterprise
Our amazing technical team here at VMware AirWatch is an incredible wealth of how-to knowledge. They spend every day working with architects, product managers and mobile admins like you to uncover top features, develop best practices and share the knowledge across our community. Over the past mon...

Mobile App Consistency by Design
Here’s how we evolved the Boxer mobile email app into VMware Boxer , an effortless enterprise email experience for our digital workspace productivity apps suite. Leveraging Design Fundamentals Follow the VMware UX Series here. Prior to joining VMware as a designer, I was a designer for Boxer , an...

Hot Swaps & Hot Chicken: How Zaxby’s Grows a Restaurant Chain with VDI
Zaxby’s , a fast-casual restaurant chain with locations in 17 U.S. states, opened its 800 th store in October 2016 and shows no sign of slowing down. The corporate franchising arm of the business, based in Athens, Georgia, uses virtual desktops and a business resumption plan powered by VMware Hor...

Profiling Applications with VMware User Environment Manager, Part 3: Built-In and Custom Exclusions
Co-authored by Pim van de Vis, Product Engineer, User Environment Manager, Research & Development, VMware In Part 1 of this blog series, you were introduced to the VMware User Environment Manager Application Profiler . In Part 2, VLC Media Player was profiled, predefined settings were applied, an...

Unify & Simplify Access Control with VMware Workspace ONE
The New Perimeter for Securing Access from any User or Device Over the last decade, the workforce experienced a phenomenal transformation. This shift, commonly called digital transformation, made it more difficult than ever before to enable secure access to corporate resources. Changes in worksty...

VMware AirWatch Android Enterprise Enhancements
The recent Android enterprise enhancements for VMware AirWatch make setting up an enterprise mobility management (EMM) solution easier than ever. Use these improvements to secure an Android bring-your-own-device (BYOD) deployment, without sacrificing user experience. To get started, check out our...

EXTERNAL NEWS FROM 3RD PARTY BLOGGERS
govcsim - Neat incubation project (vCenter Server & ESXi API based simulator)
I know many of my readers have inquired about VCSIM (vCenter Server Simulator) which was a really useful tool that served a variety of use cases, but unfortunately it had stopped working with the VCSA 6.0 release. VCSIM is another topic that is near and dear to me and it is something I continue t...

Getting started w/the new PowerCLI 6.5.1 Get-VsanView cmdlet
One of the things that I am most excited about from an Automation standpoint with the vSAN 6.6 release is that customers using PowerCLI will now have complete access to the vSAN Management API which we had initially introduced back in vSphere 6.0 Update 2. In PowerCLI 6.5R1, customers only had ac...

Configure the Software iSCSI Adapter in the VMware Host Client
This video provides instructions on how to configure the software iSCSI adapter in the VMware Host Client version 1.8.0 and later

vSAN Health Check fails on vMotion check
Advertise here with BSA On Slack someone asked why the vMotion check for vSAN 6.6 Health Check was failing constantly. It was easy to reproduce when using the vMotion IP Stack on your vMotion VMkernel interface. I went ahead and tested it in my lab, and indeed this was the case. I looked around a...

VMware vSAN 6.6 Demo
Great VMware vSAN 6.6 Demo created by Duncan Epping , more info at Yellow-Bricks

Disk format change going from 6.x to vSAN 6.6?
Advertise here with BSA Internally I received a comment around the upgrade to 6.6 and the disk format version change. When you upgrade to 6.6 also the version of disk changes, it goes to version 5. In the past with these on-disk format changes a data move was needed and the whole disk group would...

SMART drive data now available using vSAN Management 6.6 API
One of the major storage enhancements that was introduced in vSphere 5.1 as part of the new I/O Device Management (IODM) framework was the addition of SMART (Self Monitoring, Analysis And Reporting Technology) data for monitoring FC, FCoE, iSCSI, SAS protocol statistics, this is especially useful...

Where to find the Host Client vSAN section?
Advertise here with BSA I had a couple of people asking already, so I figured I would do a short post on where to find the ESXi Host Client vSAN section. It is fairly straight forward, if you know where to click. Open the Host Client by going to https://<ip address of your host>/ui. Next do the f...

vSAN 6.6 available now
Advertise here with BSA vSAN 6.6 is available now. Check the release notes before you upgrade! Also note that for vSAN users currently on 6.0 Update 3 – upgrade to vSAN 6.6 is not yet supported. If you like to learn more about vSAN 6.6 check the following material: vSAN Encryption demo vSAN 6.6 d...

New vSAN Management 6.6 API / SDKs / CLIs
With all the new awesome capabilities that have been introduced in vSAN 6.6, there is just as much Automation goodness that will be available for our customers to consume to help them easily mange and operate at scale. vSAN Management 6.6 API Below are all the new Managed Objects that have been i...

Erasure Coding and Quorum on vSAN
I was looking at the layout of RAID-5 object configuration the other day, and while these objects were deployed on vSAN with 4 components, something caught my eye. It wasn’t the fact that there were 4 components, which is what one would expect since we implement RAID-5 as a 3+1, i.e. 3 data segme...

DISCLAIMER
While I do my best to publish unbiased information specifically related to VMware solutions there is always the possibility of blog posts that are unrelated, competitive or potentially conflicting that may creep into the newsletter. I apologize for this in advance if I offend anyone and do my best to ensure this does not happen. Please get in touch if you feel any inappropriate material has been published. All information in this newsletter is copyright of the original author. If you are an author and wish to no longer be used in this newsletter please get in touch.

Don’t ask to your Network Administrator: could you handle all my VLAN and security starting from applications? He never say yes! But there are some easy ways that could be taken to gain flexibility deploying and operating network connections between VMs and the external world:

1. Use a Business Process software with REST Api: depending on your environment this process could take hour and days to being deployed and many prayers to make “secure” your environment
2. Use CLI and gain the access to every datacenter switches
3. Use NSX

The last is what every virtualization administrators are looking for but the major part of networking admin are not safe to approve! And this is why I’m writing this post.

All starts from application… but ends soon with Network administrator

One of the most important element that every system administrator must consider during infrastructure design is the application perspective: the only contact point with the development staff! Depending on the experiences of your dev engineer, you should be able to get some important application characteristics  like:

• capacities
• functional diagrams
• performance metrics

But there is a forever missed argument on your interview that often cause a security problem:

• network connections (LAN)
• ports and sessions
• service availability

They always say: networks and security are up to you and the network team! Before NSX this was the exasperation of the project interviews, and you, the poor infrastructure administrator, are acting as “the man in middle” to try to fit what was missing with the environment you are working on!

Giving a security perspective, the top from application perspective is:

• segment every connection
• handle every traffic under the magnifying glass
• change the network topology and provide the isolation as provided by gap air
• don’t change network topology in test and DR environment

From systems perspective working in datacenter means:

• simplify where is possible
• introduce security on every network segment
• centralize the management

There are some challenges near some worries that must be covered using the technology and this is the case where software defined paradigm aid to build a flexible and secure virtual datacenter.

Hardware (not)commodity?

Traditional datacenter net deployment is composed by:

• firewall/router
• switch (2n per every rack)
• server and storage

Firewall/router and L3 switch on top of the scheme represent the single point of failure of the entire network (for some manager is the way to spend a lot of budget!). Talking about connection flows: cps (connections per second) and throughput are the two main critical factors to consider to avoid networking congestions. For every connection starting for VM and ending to another VM, quite all physical network devices are involved in linking and controlling every packet, even if the traffic doesn’t go outside the vDC. There is a “waste” of resources!

Let NSX exceeds the limits with VXLAN

From more and more literature about NSX there is a scheme that shows every component from management plane to data plane. Let’s take a look here: https://communities.vmware.com/docs/DOC-30645 There are 3 key elements that are involved in data flow optimization:

• VXLAN
• DLR Distributed Logical Router
• DFW Distributed Firewall

VXLAN could be defined as a L2 in a L3 connection, build to virtualize network traffic inside physical or logical connection (https://tools.ietf.org/html/rfc7348). During NSX host preparation one vib enables virtual switches through a vmkKernel interface to use this “service” and start deploying logical connection starting from index 5000 (it’s a convention used to separate VXLAN index from VLAN: a value greater than  4096). The prerequisites are:

• all host in the cluster must be connected to a common distributed switch
• MTU for physical and virtual network elements must be set > 1550 (1600 is the default)
• NIC teaming policy design must be the same for every portgroup in the distributed switch

Using a transport zone, a global connection between every hosts involved in one or more VXLAN connections, every hosts through vmkernel service, called VTEP, could establish a network connection like happens in physical world. In other words every packet generated by a single VM follows this sequence:

1. Through virtual nic the packet arrives to the VXLAN port group (generated after VXLAN segment deployment aka logical switch deployment) which is handled by the VTEP
2. VTEP relative to the Host which handle MAC address tables and MAC address resolution.
3. If destination VM is in the same host, the “link” will be established with no traffic outside the host, otherwise, through Transport zone, packet is encapsulated and transmitted to the other ESXi host, which is handling the VM
4. VTEP of the other host de-capsulate the packet and bring it to destination VM.

Source: https://communities.vmware.com/docs/DOC-27683

Apparently this could be a complication of the “standard” way to make networking in a virtual environment… but let’s see the benefits:

• No physical intervention: all traffic flows through a single VLAN!
• Bypass the limit of 4095 VLAN
• Take the control of the entire networking through a unique interface, because every logical switch has more than a simple connection mechanism… let’s see in the next paragraph!

Let NSX routes your packets with DLR

Suppose you’re going to handle connections between two VM connected to two separated VXLAN segments:

Source: https://communities.vmware.com/docs/DOC-27683

Near ARP table, there is a vSwitch vib called DLR that handles (and shares) a routing table. The new sequence from VM1 to VM2 will be

1. The packet flows through VXLAN portgroup (aka logical switch portgroup) and arrives to the default gateway located to local DLR
2. A routing lookup is performed at local Distributed Local Router which indicates the destination logical interface (LIF) logically connected to destination VXLAN segment, and a lookup ARP table is performed to determine the VM destination MAC address (ARP requests could be done is ARP table doesn’t contain the resolved IP address)
3. If the VM is placed outside Host the packed is encapsulated and sent to destination Host, otherwise the packet is sent to destination VM without flowing out the host.
4. The destination VTEP de-capsulate the packet and send it to destination VM

Do you remember the same situation the In physical world? Single or multiple router, with a single connections per second limit, must be deployed… and large amount of traffic will be flowed across every switches places between hosts and router. In the current case no traffic goes outside the transport network!

Let NSX secure your traffic with DFW

Last but not the least is the firewalling check in every segment to protect north-south and east-west traffics. With a similar mechanism of DLR, every packet is checked by Distributed Firewall (L2-L4 stateful), using a Rule Table and a Connection Tracker Table to allow or deny connections before the packet is going out of logical switch.

For every packet sent and/or received by a VM:

1. a connection tracker lookup is done to check if an entry of the flow already exists
2. if no  entry has found, a rule table lookup is done to verify which rule is applicable
3. if action is Allow the packet flows outside the DFW

Source: https://communities.vmware.com/docs/DOC-27683

Note that no traffic is generated in every direction in order to analyze and permit/deny the traffic. In old physical deployment this is could not be happened because firewall connection is after switch connection. The result is that every flow generates a lot of connection and the core firewall must be well sized in order to guarantee security and availability.

Physical World connections at the “Edge” and more

VXLAN, DFL and DFW are involved in east-west traffic to realize a resilient and efficient networking cluster. Using NSX EDGE it could be possible to handle traffic and services outside the vDatacenter: the north-south connection. Let’s see an example:

http://blog.linoproject.net/wp-content/uploads/2017/04/image-17.png

Source: https://communities.vmware.com/docs/DOC-27683

The combination of DLR and VXLAN could be used to realize east-west traffic and the EDGE is used to route packets in a portgroup which is physically connect to a switch. Out of the box EDGE is a virtual Router/Firewall (a VM) that brings many services like firewall rule and routing table but also NAT, load balancing and VPN. Be in a virtual environment gains the advantage to interconnect VM with a “software link” that could be used to make a bridge for the physical world.

A new network design

Well! The question is: with these elements is it mandatory a physical firewall? I could say NO only if the north traffic is clean… in a other words: only if you are not directly connected to Internet. Watching what is going on about the newest the security attacks, I suggest a L7 protection using:

1. A 3rd party plugin like F5, CheckPoint, TrendMicro
2. Use a physical IDS/IPS

Thinking all virtual this could be a great solution:

Physically is really simple: a top of the rack switch (min 2 stacked) and a cluster of physical server with only 3 VLAN running across the entire host with a single dVS. Just few notes:

• consider the using of 10Gbe switch with 10 Gbe SFP+ NICs;
• in order to use VSAN consider a correct throughput (the best is a separate network infrastructure for this purpose);
• in you’re expanding this cluster across multiple racks, consider the “leaf-spine” network topology for production network.

And now you’re the King!

Notes and Sources

There’s a lot of documentation and integration, with some success cases. For study I really suggest the design guide available here: https://communities.vmware.com/docs/DOC-27683 (the major part of the images are taken from this document)

For newbie there is a classic “For dummies” guide that I found really well written for who is approaching to network virtualization with an eye to practical uses… Here the link to register and download a free copy

Near the literature, I suggest to practice with Hands on Lab to preview all these functionalities without wasting time for setting up a test environment:  http://www.vmware.com/go/try-nsx-en

vSAN Memory consume – Virtualization

안녕하세요, 오랜만에 글을 올립니다. 당분간은 VMware 중 vSAN 에 관련된 포스트를 주로 올릴려고 합니다.

vSAN 을 도입하는 경우, vSAN 이 ESXi 내에 함께 통합되어 있기 때문에, vSAN 동작을 위해서 필요로 하는 메모리의 양이 있습니다.

기본적으로 vSAN 6.0 - 6.5 버전들의 메모리 사용량은 아래와 같은 공식으로 계산됩니다.

BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize)))

부수적으로 설명을 드리면,

BaseConsumption : vSAN 구성시 기본적으로 사용하는 고정적인 사용량. 현재 버전에서는 3GB 이며, vSAN directory 및 메타데이타, 메모리 캐쉬를 저장하는 공간입니다.
NumDiskGroups : 호스트당 디스크 그룹의 숫자 입니다. 1~5 가 될 수 있겠습니다.

DiskGroupBaseConsumption : 각각의 디스크 그룹이 사용하는 고정적인 사용량이며, 현재는 500MB 입니다. 디스크 그룹레벨에서의 온라인 오퍼레이션을 위해서 리소스를 할당할 때 사용합니다.

SSDMemOverheadPerGB  :  SSD 의 GB 당 사용하는 고정적인 사용량입니다. Hybrid configuration 에서는 2MB 이고, ALL flash 구성에서는 7MB 입니다. Write buffer 와 read cache 로 인하여 변경되는 SSD 내의 Block 을 트래킹하기 위해 사용됩니다.

SSDSize : SSD 용량입니다. GB 단위 입니다.

계산 예제는 다음과 같습니다.

1. 1개의 디스크 그룹, Hybrid Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize)))
   2. 3GB + (1 x ( 500MB + (2MB x 400))) = 3GB + 1 x (500MB + 800 MB) = 3GB + 1300MB = 4.3GB
2. 3개의 디스크 그룹, Hybrid Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize)))
   2. 3GB + (3 x ( 500MB + (2MB x 400))) = 3GB + 3 x (500MB + 800 MB) = 3GB + 3900MB = 6.9GB
3. 1개의 디스크 그룹, All flash Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize)))
   2. 3GB + (1 x ( 500MB + (7MB x 400))) = 3GB + 1 x (500MB + 2800 MB) = 3GB + 3300MB = 6.3GB
4. 3개의 디스크 그룹, All flash Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize)))
   2. 3GB + (3 x ( 500MB + (7MB x 400))) = 3GB + 3 x (500MB + 2800 MB) = 3GB + 9900MB = 12.9GB

클러스터내의 호스트가 32대를 넘어가면 BaseConsumption 이 3.3GB 로 증가합니다.만약 호스트의 메모리가 32GB 가 되지 않으면 다음과 같이, 사용하는 메모리의 양이 Scale down 되며, 계산공식에 다음이 추가됩니다.(BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize))) ) * SystemMemory / 32위의 계산 예제에 적용을 하면 (호스트의 메모리는 16GB 로 가정하겠습니다.)

1. 1개의 디스크 그룹, Hybrid Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize))) * SystemMemory / 32
   2. (3GB + (1 x ( 500MB + (2MB x 400)))) * 16 / 32 = (3GB + 1 x (500MB + 800 MB)) / 2 = (3GB + 1300MB) / 2  = 2.15GB
2. 3개의 디스크 그룹, Hybrid Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize))) * SystemMemory / 32
   2. (3GB + (3 x ( 500MB + (2MB x 400)))) * 16 / 32 = 3GB + 3 x (500MB + 800 MB) / 2 = 3GB + 3900MB = 3.45GB
3. 1개의 디스크 그룹, All flash Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize))) * SystemMemory / 32
   2. (3GB + (1 x ( 500MB + (7MB x 400)))) * 16 / 32 = 3GB + 1 x (500MB + 2800 MB) / 2 = 3GB + 3300MB = 3.15GB
4. 3개의 디스크 그룹, All flash Configuration, SSD 용량은 400GB
   1. BaseConsumption + (NumDiskGroups x ( DiskGroupBaseConsumption + (SSDMemOverheadPerGB x SSDSize))) * SystemMemory / 32
   2. (3GB + (3 x ( 500MB + (7MB x 400)))) * 16 / 32 = 3GB + 3 x (500MB + 2800 MB) / 2 = 3GB + 9900MB = 6.45GB

vSAN 6.6 에는 해당되지 않는 내용이니 참고하시기 바랍니다.

KB 로도 확인하실 수 있습니다.

https://kb.vmware.com/kb/2113954

http://wp.me/p8Eoyc-5W

vSAN 을 사용하는 환경에서 간혹 Power on 상태의 VM 의 vSAN Storage Policy 를 변경하는 경우 아래와 같은 메세지와 함께 적용이 되지 않는 경우가 있습니다.

The attemped operation cannot be performed in the current state(Powered on)

일반적인 VM 에서는 거의 나타나지 않을텐데요, vSphere Converter 등을 사용하여 P2V 가 된 VM 에서 간혹 발생할 수 있습니다.

그 이유는 P2V 된 VM 의 경우 Hard disk 의 Virtual Device Node type 이 IDE 로 되어있는 경우가 있기 때문입니다.

IDE 는 Hot re-configuration 을 지원하지 않기 때문에 SCSI 로 변경하면 해결될 것입니다.

온라인 상으로는 변경이 안되기 때문에 Power off 가 필요합니다.

다음 KB 도 참조하시기 바랍니다.

Converting a virtual IDE disk to a virtual SCSI disk

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016192

using vSAN and non-vSAN disks with the same storage controller – Virtualization

실제로 필드에서 vSAN 을 구성할 때에 많이들 실수하시는 부분입니다.

Storage Controller 는 종류에 따라 pass-though 또는 Single Raid 0 만 지원하거나 둘다 지원하는 모델이 있습니다.

예를 들어 Dell 의 H730 Controller 의 경우 VMware HCL (VCG) 에 따르면 pass-though 만 지원하는 모델입니다.

그래서 어떤 경우가 생기는가 하면 늘 하던데로, Disk 2개는 Raid 1 으로 묶어서 OS 영역으로 사용하고, 나머지 디스크들은 vSAN 용으로 사용하시는 경우가 있습니다.

그러나 이 구성은 지원하지 않는 구성입니다.

https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2129050

위의 내용을 정리하면 아래와 같습니다.

1. vSAN disk 와 non-vSAN disk 가 같은 컨트롤러에 연결되어 있을 때는 Raid Mode 와 Pass-through 를 Mix 하지 말것
   • vSAN disk 가 pass-through/JBOD 라면 OS 용 디스크도 pass-though/JBOD 타입이어야 함
   • vSAN disk 가 Raid mode 로 구성되어 있다면(Single Raid 0) OS 용 디스크도 반드시 Raid Mode 로 구성해야 함.
   • pass-through 디스크와 Raid 디스크가 mix 되어있는 구성은 vSAN 구성에 부정적인 영향을 주기 때문에 구성하면 안됨 (DU 및 DL 발생가능)
2. Local 디스크에 ESXi 를 설치할 경우 Local VMFS datastore 가 생성이 되는데요, 이 공간에서는 VM 를 running 하거나 하면 안됩니다. 이 공간의 사용용도는 Scratch partition / Logging / core dump partition/vsantrace 의 용도로만 제한됩니다.
3. 다만 Storage Controller 가 Dell PERC H730 시리즈인 경우 위의 2번의 용도로도 사용할 수 없습니다. ESXi 를 설치하고 나서 생성된 VMFS Datastore 를 삭제해야 합니다. (관련 내용 : https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2136374)
   • 위의 경우 local datastore 를 사용할 수 없기 때문에 Scratch Partition / Logging / Core dump partition 용도로 별도의 외부 데이터 스토어가 필요합니다. NFS 가 좋을듯 하네요. 구성하지 않을 경우 Scratch partition 이 ramdisk 상에 생기기 때문에 호스트 Reboot 시에 관련 로그 데이터가 전부 유실됩니다.

• 위의 사항이 불가능하다면 별도의 NFS datastore 가 필요함 (Scratch Partition / Logging / Core dump / vsantrace  용도로)

SD 카드에 ESXi 설치시 고려사항 – Virtualization

최근에는 서버내에 SD카드를 내장해서 OS 영역으로 쓰는 경우가 있는데, 이 경우에 고려해야 할 사항 몇가지를 알아보겠습니다.

SD 카드에 ESXi 를 설치할 경우 문제가 되는 부분이 Scratch partition 인데요, 그 이유는 SD 카드에는 VMFS Datastore 를 생성할 수 없기 때문입니다.

따라서 설치후에는 Scratch Partition 이 Ramdisk 위에 올라가기 때문에, host reboot 시에 해당 파티션내의 파일들이 유실되는 경우가 발생합니다. 유실되는 대상은 주로.. vsantrace 파일이나 /var/log, 그리고 core dump 등입니다. 장애로 인하여 PSOD 가 발생했을 때에 관련 로그들이 사라지기 때문에 난감한 경우가 발생합니다.

따라서 SD 카드위에 OS 를 설치를 하는 경우, 별도의 Local VMFS datastore 나 NFS datastore로 scratch partition 경로를 변경해주어야 합니다. 하지만 대체로 vSAN 구성시에는 별도의 Local VMFS datastore 나 NFS 가 없는 경우가 간혹 있지요..

이 경우 가장 권장되는 것은 SD카드가 아닌 SATADOM Device 에 ESXi 를 설치하는 것입니다. 아래와 같이 생겼습니다. 물론 제품마다 생김새는 조금 다릅니다.

SATADOM 이 낯선 분들도 계실것 같아서 간단히 설명을 드리면.. SATA 포트에 직접 연결하는 소형 SSD 라고 보시면 될것 같습니다. 64GB 이상을 사용하실것을 권장하고요. SATADOM 은 SSD disk 이기 때문에 VMFS datastore 생성이 가능합니다.

물론 SATADOM 도 디스크이기 때문에 이전 포스트에서 언급했던 non-vSAN disk 와 vSAN disk 가 같은 컨트롤러내에 있을시의 제약사항도 그대로 적용받습니다.

추가적으로 syslog 나 scratch partition/vsantrace location 을 vSAN datastore 로 지정하시면 안됩니다. 그 이유는 다음 KB 에 설명되어 있습니다.

Redirecting system logs to a vSAN object causes an ESXi host lock up https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2147541

간단히 요약하면, ESXi 가 vCenter 상에 응답없음 상태로 빠지는 경우가 있어서 그 때는 vSAN 쪽으로 I/O 가 정상적으로 발생하지 않기 때문에 문제가 생깁니다.

추가적으로 scratch partition 생성의 경우 다음 KB 를 참조하여 주십시오.https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1033696

https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1033696

Vsphere Private VLAN | VMware,Microsoft Knowledge Sharing Portal

It's Triple-Point Tuesday at CloudCredibility.com

Signing up is EASY. Establishing your CloudCred will take some skill...

vExpert Testimonials address the question:

Why get NV Certification?

What really is in it for you?

Find out, today only, for Triple-Points!

NewTask 4246: Chris Neale: VCP-NV=EZ

NewTask 4247: Javier Rodriguez: VMware Network Virtualization (NSX)

NewTask 4248: Lino Telera: be VMware Certified

NewTask 4249: Christian Parker: VMware NSX: VCP6-NV

New Task 4250: Fabian Lenz: Why learn VMware #NSX

Azure Stack Technical Preview 3 (TP3) Overview Preview Review

Perhaps you are aware or use Microsoft Azure, how about  Azure Stack?

This is part one of a two-part series looking at Microsoft Azure Stack providing an overview, preview and review. Read part two here that looks at my experiences installing Microsoft Azure Stack Technical Preview 3 (TP3).

For those who are not aware, Azure Stack is a private on-premise  extension of the Azure public cloud environment. Azure Stack now in technical preview three (e.g. TP3), or  what you might also refer to as a beta (get the bits here).

In addition to being available via download as a preview, Microsoft is also working with vendors such as Cisco, Dell EMC, HPE, Lenovo and others who have announced Azure Stack support. Vendors such as Dell EMC have also made proof of concept kits available that you can buy including server with storage and software. Microsoft has also indicated that once launched for production versions scaling from a few to many nodes, that a single node proof of concept or development system will also remain available.

Software-Defined Data Infrastructures (SDDI) aka Software-defined Data Centers, Cloud, Virtual and Legacy

Besides being an on-premise, private  cloud variant, Azure Stack is also hybrid capable being able to work with  public cloud Azure. In addition to working with public cloud Azure, Azure  Stack services and in particular workloads can also work with traditional  Microsoft, Linux and others. You can use pre built solutions from the Azure marketplace, in addition to developing your applications using Azure services and DevOps tools. Azure Stack enables hybrid deployment into public or private cloud to balance flexibility, control and your needs.

Azure Stack Overview

Microsoft Azure Stack is an on premise (e.g. in your own data center) private (or hybrid when connected to Azure) cloud platform. Currently Azure Stack is in Technical Preview 3 (e.g. TP3) and available as a proof of concept (POC) download from Microsoft. You can use Azure Stack TP3 as a POC for learning, demonstrating and trying features among other activities. Here is link to a Microsoft Video providing an overview of Azure Stack, and here is a good summary of roadmap, licensing and related items.

In summary, Microsoft Azure Stack is:

• A onsite, on premise, in your data center extension of Microsoft Azure public cloud
• Enabling private and hybrid cloud with strong integration along with common experiences with Azure
• Adopt, deploy, leverage cloud on your terms and timeline choosing what works best for you
• Common processes, tools, interfaces, management and user experiences
• Leverage speed of deployment and configuration with a purpose-built integrate solution
• Support existing and cloud native Windows, Linux, Container and other services
• Available as a public preview via software download, as well as vendors offering solutions

What is Azure Stack Technical Preview 3 (TP3)

This version of Azure Stack is a single node running on a lone physical machine (PM) aka bare metal (BM). However can also be installed into a virtual machine (VM) using nesting. For example I have Azure Stack TP3 running nested on a VMware vSphere ESXi 6.5 systems with a Windows Server 2016 VM as its base operating system.

    Click here or on the above image to view list of VMs and other services (Image via Microsoft.com)

The TP3 POC Azure Stack is not intended for production environments, only for testing, evaluation, learning and demonstrations as part of its terms of use. This version of Azure Stack is associated with a single node identity such as Azure Active Directory (AAD) integrated with Azure, or Active Directory Federation Services (ADFS) for standalone modes. Note that since this is a single server deployment, it is not intended for performance, rather, for evaluating functionality, features, APIs and other activities. Learn more about Azure Stack TP3 details here (or click on image) including names of various virtual machines (VMs) as well as their roles.

Where to learn more

The following provide more information and insight about Azure, Azure Stack, Microsoft and Windows among related topics.

• Azure Stack Technical Preview 3 (TP3) Overview Preview Review
• Azure Stack TP3 Overview Preview Review Part II
• Azure Stack Technical Preview (get the bits aka software download here)
• Azure Stack deployment prerequisites (Microsoft)
• Microsoft Azure Stack troubleshooting (Microsoft  Docs)
• Azure Stack TP3 refresh tips (Azure Stack)
• Here is a good post with a tip about not applying certain Windows updates to Azure stack TP3 installs.
• Configure Azure stack TP3 to be available on your own network (Azure Stack)
• Azure Stack TP3 Marketplace syndication (Azure Stack)
• Azure Stack TP3 deployment experiences (Azure Stack)
• Frequently asked questions for Azure Stack (Microsoft)
• Deploy Azure Stack (Microsoft)
• Connect to Azure Stack (Microsoft)
• Azure Active Directory (AAD) and Active Directory Federation Services (ADFS)
• Azure Stack TP2 deployment experiences by Niklas Akerlund (@vNiklas) useful for tips for TP3
• Deployment Checker for Azure Stack Technical Preview (Microsoft Technet)
• Azure stack and other tools (Github)
• How to enable nested virtualization on Hyper-V Windows Server 2016
• Dell EMC announce Microsoft Hybrid Cloud Azure Stack (Dell EMC)
• Dell EMC Cloud for Microsoft Azure Stack (Dell EMC)
• Dell EMC Cloud for Microsoft Azure Stack Data Sheet (Dell EMC PDF)
• Dell EMC Cloud Chats (Dell EMC Blog)
• Microsoft Azure stack forum
• Dell EMC Microsoft Azure Stack solution
• Gaining Server Storage I/O Insight into Microsoft Windows Server 2016
• Overview Review of Microsoft ReFS (Reliable File System) and resource links
• Via WServerNews.com Cloud (Microsoft Azure) storage considerations
• Via CloudComputingAdmin.com Cloud Storage Decision Making: Using Microsoft Azure for cloud storage
• www.thenvmeplace.com, www.thessdplace.com, www.objectstoragecenter.com and www.storageio.com/converge

What this  all means

A common question is if there is demand  for private and hybrid cloud, in fact,  some industry expert pundits have even said private,  or hybrid are dead which is interesting, how can something be dead if it is  just getting started. Likewise, it is  early to tell if Azure Stack will gain traction with various organizations,  some of whom may have tried or struggled with OpenStack among others.

Given a large number  of Microsoft Windows-based servers on VMware, OpenStack, Public cloud services  as well as other platforms, along with continued growing popularity of Azure,  having a solution such as Azure Stack provides an attractive option for many environments. That leads to the question  of if Azure Stack is essentially a replacement for Windows Servers or Hyper-V  and if only for Windows guest operating systems. At this point indeed, Windows  would be an attractive and comfortable option, however, given a large number  of Linux-based guests running on Hyper-V  as well as Azure Public, those are also primary candidates as are containers  and other services.

Continue reading more in part two of this two-part series here including installing Microsoft Azure Stack TP3.

Ok, nuff said (for now...).

Cheers
Gs