vCenter Single Sign On 5.5 Whats New

vCenter Single Sign On has a considerable amount of changes in vSphere 5.5, with few major ones. Many of these changes have went undetected or unnoticed by the Virtual Infrastructure Admins. If you have deployed vSphere 5.5 and missed these changes or planning to install vCenter SSO 5.5 and want to learn what has changed from the vSphere 5.1 days, then this post is for you:

Below is the list of the major changes introduced in vCenter Single Sign On:

 vCenter SSO Architecture Improvements:

1- Multi master: Unlike 5.1, vCenter SSO 5.5 has A built-in automatic multi-master replication architecture that ensure that all SSO instances are always kept in sync. While this sound great, most admins are not sure what it means nor how it affect the way they design SSO. To understand the value of this change, you must understand how SSO worked in 5.1. and how that changed in 5.5.

In 5.1 if you wanted to enable SSO for multiple vCenters in your environment, you needed to point all of them to the same SSO instance which made all of those vCenters dependent on that single SSO instance. This has made that single SSO instance to be crucial for the operation of all of your vCenters, as if that SSO instance goes down you will not be able to access any of your vCenters.… Read More

VMware Onyx the easy way to generate vSphere Power CLI & vCO Java Script Code

Every vSphere admin will get to a day where he wants to automate particular tasks, though he always have to weight the benefits vs the  time required to automate using a vSphere Power CLI script or implementing the vCO Java Script Code required. What if you can generate such scripts and automation procedure in no time and without much of scripting knowledge. What if you can click your way through the VMware vSphere Client and the code magically is written for you in your language of choice of the below languages:

- vSphere Power CLI

- vCO Java Script

- C#

What I have been describing above is a VMware Fling called Onyx. Onyx is a standalone application that serves as a proxy between the vSphere Client and the vCenter Server. It monitors the network communication between them and translates it into an executable PowerShell code. Later, this code could be modified and saved into a reusable function or script. I am sure many of you got excited already, but to get you even more excited and to see Onyx red handed in action check out the below video:

Below you will find the exact steps to get you started with VMware Onyx, the best vSphere Power CLI tool out there.… Read More

VMware vCenter Log Insight 1.5

With the continuous exponential growth of logs in the datacenter, it getting close to impossible to consume them the traditional way. This is no difference in a virtualized environment, where you have the logs for vCenter, ESXi hosts, virtual machines, OS of the VMs, Application logs, & so on. To help admins better digest and better utilize logs, VMware has released VMware vCenter Log Insight.

VMware vCenter log Insight will help admins better digest logs through an easy to use and customize GUI interface. What make vCenter Log insight great for virtualized vSphere environments, that it has special vSphere  dashboard that can make utilizing your vSphere environment logs much easier than ever been possible. The nice thing about the product that it does not stop at vSphere, but it can be utilize with almost any product that generate logs. In addition, many product packs are being created to increase its usability with products outside the vSphere family. The below video should give you a good indication of what you can do with the product:
 

The below video demonstrate how to install vCenter Log Insight:
 

Even more the product is being further enhanced, & the below features were added in VMware vCenter Log Insight 1.5 TP2:

  • Content Gallery – As we continue to expand our content pack coverage to security, Networking, Compute and Storage, we have introduced a new way to Import, Export, Share and Manage Content packs for both administrators and users.
Read More

VMware ADP (Application Dependency Planner)

I have recently been delivering a Virtualization Assessment engagement for an Enterprise customer, where they have benefited of the recently introduced VMware Application Dependency Planner(ADP). I thought many enterprises & consultants out there would be interested to find out the what, why, when & how they can benefit of this new offering. Below I will try to give a brief of the answers:

What is Application Dependency Planner (ADP)?

VMware Application Dependency Planner is a consulting tool that provides automated, real-time application discovery and dependency mapping to accelerate datacenter migration, precisely plan infrastructure consolidations, and confidently virtualize business critical applications. VMware and partner consultants can use this agentless, non-intrusive, and continuous dependency mapping tool across physical and virtual application infrastructures to quickly gain an understanding of service dependencies with accuracy and efficiency.

Not to confuse it with VMware vCenter Application Discovery Manager (ADM). Where ADM had to be licensed by the customer to use it & permanently run it to keep an updated Application Dependency Mapping, ADP is a consulting tool that VMware Consultants and partners can use to help customer prepare for any Data Center transformation being Virtualization, Cloud Computing, SDDC, or even a disaster recovery. The customer does not have to purchase an ADP license, & the consultant will deliver the Application Dependency mapping for the customer applications as a service as a part of consulting engagement (Ex: Virtualization Assessment Engagements offered by VMware & its partners).… Read More

How to replace vCenter 5.1, SSO, Web Client, vCO Certificates

With the release of vSphere 5.1 certificates started to play a much more vital role, where having invalid certificates in your environment is not an option anymore as it could break the operation of your environment as well forbid you from logging in. This change has been done to increase the security of your Virtual Infrastructure Management Components (vCenter Service, Inventory Services, SSO, Web Client, vCO, Update Manager, & vCenter Log Browser) & to compact the possibilities of man in the middle attacks. This change has brought a lot of challenges to many VMware customers who had invalid and expired certificates in their environment without even noticing it. The tedious process of replacing any of these certificates have not been a pleasure work for many, the good news is that VMware has just released vCenter Certificate Automation Tool 1.0 to streamline the process & release much of that pain.

VMware has just announced the general availability of vCenter Certificate Automation Tool 1.0. This tool provides an automated mechanism to replace certificates in the following components of the vCenter management platform:

  • vCenter Server
  • vCenter Single Sign On
  • vCenter Inventory Service
  • vSphere Web Client
  • vCenter Log Browser
  • vCenter Orchestrator (VCO)
  • vSphere Update Manager (VUM)

The tool can be downloaded for free from: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_1#drivers_tools

Before you jump on the tool, please make sure you read the instructions on the requirements for using the tool, the steps to use it, as well the limitations & known issues to avoid any trouble.… Read More

vCenter Single Sign On 5.1 best practices

Since vCenter Single Sign On was introduced in vSphere 5.1, many questions have been rising around it. There seems to be a very limited amount of resources out there that document best practices related to vCenter Single Sign On, which is the reason for me to develop this post where I will try to combine as many best practices and answers related to vCenter 5.1 Single Sign On as possible.

I have been one of the lucky consultants who has already got to design/implement vSphere 5.1 for quite few enterprise customers where I have got to debate and drive best practices that I used across those implementations. I am sharing them here where others can benefit from them as well to allow a room for others to debate them and contribute their feedback.

Where to install vCenter Single Sign On (Physical vs Virtual)?

Just as the recommendations have always been for vCenter using virtual machine(s) is the best practice to save on cost and benefit of the availability features built in vSphere, that is no difference in vSphere 5.1. You can host all vCenter 5.1 components including SSO on virtual or physical machine, where virtual machine is the recommended practice due to the same reason mentioned earlier.… Read More

vCenter 5.1 Installation(Part 2) – Single Sign On Installation

During the installation of vCenter 5.1, you will need to install 3 components in the following order: Single Sign On => Inventory Service => vCenter Service. In a new installation I would normally install the Web Service after installing the vCenter Service, though during an upgrade I would install the web service right after the Single Sign On service to be able to use it just in case I wanted to check on my Single Sign On configuration or want to troubleshoot. As this guide assuming a new installation we will leave the Web Client Service to the end. In this post, I will demonstrate the installation of the Single Sign On Service.

Preparing Databases for vCenter Components

Three vCenter components require a database. Single Sign On, vCenter Service, & Update Manager each of those components require its own database, where the creation of those databases have been documented at the first post in this series found at: vCenter 5.1 Installation(Part 1) – Preparing the Databases.

Alright now you have your databases ready let’s start the process of installing vCenter Components. The first component to install as mentioned earlier is the Single Sign On Service, which is documented in a step by step fashion below.… Read More

vCenter 5.1 Installation(Part 1) – Preparing the Databases

After the introduction of vSphere 5.1, there seemed to be a lot of fuzz about the installation of the new vCenter components. I believe most of the hype was caused about how the initial vSphere 5.1 release behaved differently against expired certificates from how vSphere version prior to 5.1 behaved. In earlier releases, vCenter has only checked the expiry date of the certificate used during the initial install and fall to a backup mechanism if the certificate fail though the service would went up and the user would use vCenter as nothing has happened. To increase the security of vCenter and prevent man in the middle attacks, this behavior was changed in vCenter 5.1. vCenter 5.1 is always checking the validity of its certificates every time the service is being started & it would report an error if it does not find a valid certificate. As many customers had an expired vCenter certificates and did not know about it before upgrading to vSphere 5.1 they were caught off guard by this small behavior change where VMware has quickly released a quick workaround for it and a new patch were released to improve how vCenter response to this behavior.

The installation of vCenter 5.1 has been much smoother after releasing vCenter 5.1b & ESXi 5.1a, & to calm my readers nerve about installing vCenter 5.1, I will be showing in here a step by step the installation process of vCenter 5.1 in a simple way that show its not much more difficult than what used to be done in vSphere 5.0 if you know what you are doing.… Read More

vCenter Orchestrator has no vCenter Server 5.0 plug-in tab

After coming back to a VMware vCenter Orchestrator 4.2 in my home lab that i have installed a while back, I have noticed that the vCenter Orchestrator Configuration interface was not showing the vCenter Server 5.0 plug-in tab. Actually it was showing the vCenter 4.1 plugin tab. As soon I saw that I remembered that the Plug-in for VMware vCenter Server 5 is not included in the VMware vCenter Orchestrator 4.2 included in the vSphere 5 vCenter installer CD. Then I thought what if I did not know that and I got to this stage. How odd & how long would I waste to figure out what is wrong with my setup.

To make it more interesting going to the vSphere vCenter 4.1 plugin tab in VMware vCO  and configure it with vCenter 5 information pass the validation without any error or complain. The only time you will start noticing the result of using the wrong plugin is when you start trying to execute any VMware vCenter Orchestrator workflow that require information to be populated from VMware vCenter. At that time you will notice that nothing show up in your vCenter inventory & you start scratching your head. Below is a screen shot to demonstrate how the vCenter 4.1 for vCenter Orchestrator plugin look like in vCO before upgrading it.… Read More

VMware vCenter Chargeback VM instance model is overcharging

VM instance model in VMware vCenter ChargeBack up to version 2.0.1 still has no prorating on charges. For those of you who is not sure what I am describing by VM Instance below how its described in the “VMware-Technote-Using-vCenter-Chargeback-vCloud-Director” document as well a screenshot of where you configure VM instance in vCenter ChargeBack:

“VM Instance enables the creation of a matrix of fixed costs that apply to hard a hard bundle of vCPU (count) and memory (MB). VM Instance matrices are linked with a cost model and consist of the hierarchy selection criteria, a fixed-cost table and a default fixed cost. Selection criteria can be based on name-pattern matching or custom- attribute matching. VM Instance uses a stepping function, where the virtual machine charge steps up to the next instance size. Costs are applied only for the duration when a virtual machine is powered on and is not prorated.

All this seems great beside the one last sentence “Costs are applied only for the duration when a virtual machine is powered on and is not prorated.” This means if you setup your fixed cost charges into there for monthly and you only powered the VM for an hour then turned it off you are being charged the full month rate.… Read More

VMware vCenter ChargeBack Cost Models & vCloud Director Allocation models & Overage

Since the introduction of vCenter ChargeBack integration with VMware vCloud Director & I hear repeatedly questions about how its Cost Models charge in a VMware vCD environment. To be honest, the question usually come in the form that vCenter ChargeBack is not calculating the cost as I expected & something wrong with it. Most of the time it turn out nothing but a misunderstanding of vCenter ChargeBack Cost Models in a vCloud Director environment.  As vCenter ChargeBack Cost Models highly integrate with VMware vCloud Director allocation models, its very important to have a solid understanding of VMware vCD Allocation Models. As Duncan Epping & Chris Colotti both has explained vCloud Director Allocation Models extensively in two great blogs posts, I am going to only reference these and not cover it in this post & rather focus on the vCenter ChargeBack part of the story. Below are the two posts for VMware vCD Allocation Models:

vCD – Allocation Models (By Duncan Epping)

vCloud Allocation Models  (By  Chris Colotti)

Please make sure you go over one of the above posts if you still don’t have a clear understanding of the vCloud Director Allocation models before going over this post, as I am not going to cover that.… Read More

VMware vCenter ChargeBack Report does not display Disk Read and Disk Write & Network Transmitted and Network Received information

It seems the problem of vCenter ChargeBack report not displaying certain info is becoming a popular question lately. Actually this was pointed out to me earlier today by a colleague who was reviewing my vCD design. The most common info not displayed in a vCenter ChargeBack Report are below:

  • vCenter ChargeBack Report Does Not Display the Network Transmitted and Network Received Information
  • vCenter ChargeBack Report Does Not Display the Disk Read and Disk Write Information
  • vCenter ChargeBack Report Does Not Display the Memory Usage Value and the Corresponding Cost

It seems many admins are getting to the point where one of the above list is not being displayed in the vCenter ChargeBack Reports although they select them while generating the report.

It turned out that the main cause of such a problem is that the statistics collection level is not properly set on the vCenter Server. This case seems to happen often as the required statistics collection level in vCenter in order for these to work is higher than the default in vCenter where statistics collection level is set to 1 by default, where in order for these to work you will need to change the vCenter Statistics collection level as shown below:

Desired Data                                                     Required Statistics Collection Level

Network Transmitted and Network Received                                         3 or above

Disk Read and Disk Write Information                                                    3 or above

Memory Usage Value and the Corresponding Cost                                 2 or above

Please note for the Memory Usage Value and Corresponding Cost, you will have to change it to 2 or above only if using a vCenter older than vCenter 4.… Read More

PHD Virtual Monitor for VMware Step by Step Installation & Configuration

As I have spent sometime evaluating PHD Virtual Monitor to post the review on my Backup & Disaster Recovery/Management blog TSMGuru Blog, I have went through the installation/configuration process and thought I may as well share them on here for people trying to install or just test PHD Virtual Monitor for VMware. On here, I will be showing how to quickly get up and running with PHD Virtual Monitor, though if you want to read my review of it before testing it your self you can find it at: PHD Virtual Monitor for VMware Review

Before you start you will need to make sure the below prerequisite are met by the machine you will use for PHD Virtual Monitor for VMware:

- First of all make sure you are using a supported operating system. PHD Virtual Monitor for VMware is supported by the following Operating Systems.

  • Windows XP
  • Windows Server 2003
  • Windows 7
  • Windows Server 2008 32-bit or 64-bit.

- The machine where you are setting up PHD Virtual Monitor for VMware should have at least 2GB of RAM and a 4GB page file.

- Static IP is highly recommended

- For the testing environment or an environment with less than 50 devices to monitor, the default Microsoft SQL Express will be sufficient.… Read More

VMware vCenter Server Appliance Error: VPXD must be stopped to perform this operation.

While playing with VMware vCenter Server Appliance in my home lab, I have been surprised with the following error:

Error: VPXD must be stopped to perform this operation.

This error has came up while trying to change authentication to active directory authentication and kinda seen the same error when trying to change the database to an external database. For some reason the Server service stop button is shadowed as well which mean I could not stop it by the GUI interface. Although my lab setup is not ideal and it might just due to the way I set it up, though I will still document how I resolved this where the same mechanism can be used to stop and restart any other service used by the vCenter Server Appliance. Below are the steps I have followed:

1- SSH to your VMware vCenter Server Appliance using the root account.

2- Execute the following command to see the status of all the service running in the vCenter Appliance:   chkconfig

The output of all services will look something like below:

localhost:~ # chkconfig
after.local               off
apache2                  off
arpd                         off
atftpd                       off
auditd                       on
autoyast                    off
chargen                      off
chargen-udp              off
cron                       on
daytime                    off
daytime-udp              off
dbus                     on
dcerpcd                  on
dhcp6r                   off
dhcp6s                   off
dhcpd                    off
discard                  off
discard-udp              off
earlysyslog              on
echo                     off
echo-udp                 off
eventlogd                on
fbset                     on
gpm                      off
haldaemon                on
haveged                  on
irq_balancer             on
kbd                      on
ldap                     on
lsassd                   off
lwiod                    on
mdadmd                   off
multipathd               off
netlogond                on
netstat                  off
network                  on
network-remotefs         on
nfs                      on
ntp                      off
pcscd                  off
powerd               off
random               on
raw                      off
rpasswdd            off
rpcbind                on
rpmconfigcheck           off
sendmail                       on
servers                           off
services                         off
setserial                        off
skeleton.compat          off
splash                            on
splash_early                on
sshd                               235
stunnel                         off
syslog                           on
syslog-collector         off
systat                          off
time                            off
time-udp                   off
uuidd                         off
vami-lighttp             235
vami-sfcb                 235
vaos                          235
vmware-inventoryservice  on
vmware-logbrowser        off
vmware-netdumper         off
vmware-rbd-watchdog      off
vmware-tools             on
vmware-vpostgres         on
vmware-vpxd              on
vsphere-client           on
xinetd                   off
ypbind                   off

3- Stop the required service in my case was vmware-vpxd using the following command: chkconfig service-name off (ex: chkconfig vmware-vpxd off)

4- carry out your changes

5- Start the service again using the following command: chkconfig service-name on (ex: chkconfig vmware-vpxd on)

I hope this help someone out there from being stuck with such issue… Read More

Cavemen want efficiency too! Move beyond traditional IT management solutions with VMware.

I was about to head to bed till I saw this really funny VMware video on my facebook. I thought it was too funny to pass by it and not share it with my readers. Check out how the Cavemen want efficiency too! Move beyond traditional IT management solutions with VMware. Don’t miss this video and watch it and have a great laugh.

Read More

Sponsors