If you said your mission was to “bring scale out storage to every virtualized datacenter”, you can bet that your Twitter follower count would drop immediately, and your peers would think you had gone off the deep end.  That is, unless your name was Satyam Vaghani, and you had already invented VMFS, brought VAAI to fruition, and helped introduce the concept of VVOL’s at VMware.  If you were Satyam, and you said that, people would just throw money at you.

 

Fast-forward to today, and that money has been poured into a startup called PernixData, which is about to unleash its Flash Virtualization Platform (FVP) onto the world.  I hear you groaning over there.  “Ohh, not another flash startup. . .”  Aren’t there tons of flash startups these days, all promising to revolutionize storage, and handle flash “like no one else”?  Indeed.  But you’re going to want to pay attention to this one.

 

There is no debate anymore about whether flash should be implemented in the datacenter.  The more interesting debate happens when we talk about HOW to implement that flash.  You have several choices when it comes to using flash to bring storage performance to your applications.  You can buy some flash from your traditional storage vendor at breathtaking markups, and watch them shoehorn that into an existing, legacy array.  But then you have to live with paying a huge premium for performance you’ll never see.  Legacy arrays weren’t built with flash in mind, and they all will very quickly reach their limit when you start adding flash.  While you will no doubt see a performance boost, it doesn’t scale.  A few months later, after adding more hosts, and more VM’s, you will inevitably hit a wall again.  Then what?

 

You can go to one of the recent startups, like PureStorage, and get a nice array of SSD’s with great features, and replace your current storage array for close to the same price as spinning disks.  You can go to XtremIO (now owned by EMC), or NetApp, and buy one of their flash arrays, and either may suit your needs just fine.  Violin or Nimbus will gladly sell you an all flash array, but as you will see, there are some drawbacks to these approaches.

 

Vaghani believes that SAN attached storage is too far from the application.  Consider that a piece of flash can process an I/O in less than 100 microseconds.  Would any rational person want to add 400-800% latency on top of that, just to traverse a network?  There is a valid reason for doing so, and that is so you don’t have to change your existing data storage strategy.

 

If you’re using EMC already, and you want speed, buying some XTrem, and tiering it with your VMAX is not a bad decision.  You use all the same tools, and the same methodology for storing, and protecting your data, as you already use.  No need to learn another storage operating platform, or change your data protection strategy, just to get a speed boost.  But with that particular product, you’re only accelerating your reads.

 

Per Vaghani’s theory, and just basic physics, to get the best performance, flash should be as close to the application as possible.  So you could just go out and buy some SSD’s, or PCIe flash cards, and pop them right into the server.  That way, you are certain to get every technologically possible IOP out of your new, expensive flash.  Then there is that pesky problem of trying to figure out how to use this new storage without having to re-architect the way data gets protected and stored.  Often times, this means making changes to your applications, which should be loads of fun, and super-easy.
So what do you do?  Create a new VMDK on the new flash?  How do you protect it?  If it’s local, how do you vMotion?  Uggh. . .

 

If only there was a way to change the performance of the existing storage infrastructure, without changing. . . the existing storage infrastructure.  Introducing PernixData FVP.

 


FVP takes whatever existing flash you have inside your VMware host, and uses it to accelerate I/O from your back end storage arrays.  It integrates seamlessly into the VMware kernel, and aggregates flash storage from all hosts in a cluster into a single pool of flash resources.  FVP then hijacks the I/O from a VM before it goes out to the storage, and decides whether that I/O should be served from the pool of flash, or by the storage array behind the flash.  So it’s native to the hypervisor, and can be used to accelerate VM’s on a per VM or per VMDK basis. 

 

Although FVP has a clustered file system, it does not have any centralized management or metadata functions.  All nodes are autonomous, and do not need to communicate to other nodes to declare ownership of a block, or for any other reason.  This means clustering does not have an impact on the level of performance you will see from your flash devices.  Other clustered flash solutions on the market have some piece of their management functions centralized, so all hosts must communicate with the central authority, over that slow network we were talking about earlier, resulting in the same type of latency we would see using SAN-based flash.  Essentially what we have is what PernixData calls a Data-In-Motion tier, or as Enrico Signoretti says, a CAN (cache area network).

 

FVP offers both write-through, and write-back modes.  Write-through means FVP will not intercept, or accelerate write operations.  It passes those on to the storage array where the VMDK is housed.  In write-back mode, writes will be accelerated, and distributed to other nodes in the pool for data protection.  Reads are accelerated in both modes, and all this is completely configurable per VM.  You can select whether you want to have up to 2 additional replicas elsewhere in the cluster, or no replicas to completely maximize performance on a per VM basis.  The amount of capacity used in the flash pool is configurable by VM as well.  This level of flexibility is unmatched, anywhere in the market.
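The trade-off between the two modes and the replica count can be made concrete with a toy model. This is an added example, not PernixData code: the host names, the peer-selection order and the `destage` step are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MODES = ("write-through", "write-back")


@dataclass
class Host:
    name: str
    alive: bool = True
    flash: dict = field(default_factory=dict)  # (vm, block) -> data on local flash


class Cluster:
    """Toy model: hosts with local flash in front of one backing array."""

    def __init__(self, host_names):
        self.hosts = {n: Host(n) for n in host_names}
        self.array = {}  # backing array: (vm, block) -> data
        self.dirty = {}  # (vm, block) -> hosts holding the only current copies

    def write(self, vm, block, data, owner, mode, replicas=0):
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        if not 0 <= replicas <= 2:
            raise ValueError("the text describes 0 to 2 additional replicas")
        key = (vm, block)
        if mode == "write-through":
            # The write goes straight to the array. Dropping cached copies so a
            # later read cannot be stale is an assumption of this model.
            self.array[key] = data
            self.dirty.pop(key, None)
            for host in self.hosts.values():
                host.flash.pop(key, None)
            return
        # Write-back: acknowledged from flash on the owner plus N peers.
        # Peer choice (first live hosts by name) is an assumption.
        peers = [n for n, h in sorted(self.hosts.items())
                 if h.alive and n != owner][:replicas]
        if len(peers) < replicas:
            raise RuntimeError("not enough live peers for requested replicas")
        holders = [owner] + peers
        for name in holders:
            self.hosts[name].flash[key] = data
        self.dirty[key] = holders

    def destage(self):
        """Flush dirty blocks to the array (assumed background step)."""
        for key, holders in list(self.dirty.items()):
            live = [n for n in holders if self.hosts[n].alive]
            if live:
                self.array[key] = self.hosts[live[0]].flash[key]
                del self.dirty[key]

    def fail_host(self, name):
        host = self.hosts[name]
        host.alive = False
        host.flash.clear()  # local flash is unreachable once the host is gone

    def read(self, vm, block):
        key = (vm, block)
        if key in self.dirty:
            for name in self.dirty[key]:
                if self.hosts[name].alive:
                    return self.hosts[name].flash[key]
            return None  # newest version existed only on failed hosts
        return self.array.get(key)

    def lost_writes(self):
        """Acknowledged writes with no surviving copy anywhere."""
        return sorted(k for k, holders in self.dirty.items()
                      if not any(self.hosts[n].alive for n in holders))


def simulate(mode, replicas, failed_hosts):
    """Write three blocks from esx1, fail hosts before destage, count losses."""
    cluster = Cluster(["esx1", "esx2", "esx3"])  # constructed host names
    for block in range(3):
        cluster.write("vm1", block, f"data-{block}", owner="esx1",
                      mode=mode, replicas=replicas)
    for name in failed_hosts:
        cluster.fail_host(name)
    return len(cluster.lost_writes())


if __name__ == "__main__":
    for mode, replicas, failed in [
        ("write-through", 0, ["esx1"]),
        ("write-back", 0, ["esx1"]),
        ("write-back", 1, ["esx1"]),
        ("write-back", 1, ["esx1", "esx2"]),
        ("write-back", 2, ["esx1", "esx2"]),
    ]:
        print(mode, replicas, failed, "lost:", simulate(mode, replicas, failed))
```

In this model, choosing no replicas leaves every write that has not yet reached the array exposed to a single host failure, which is the price of the extra performance.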

 

While there are one or two products out there offering write-back capability, they seem to ignore the fact that the virtual environment is highly dynamic, and VM’s frequently relocate to different hosts.  You didn’t think a former VMware guy would ignore vMotion, did you?

 

Once a VM vMotions to another host, the warm data residing in cache on the old host is compared to the data in cache on the VM’s new host.  Data that does not exist on the new host is transferred over the vMotion network, to the new host.  There may be a slight performance impact while the data is transferred, but the impact is minimal, compared to warming cache all over again.  Also, the severity of the impact is limited to the original, pre-FVP response time of your back end storage array.  So for a few seconds, you can reminisce about how slow things were back in the day, before you got FVP.  In the demo video below from Storage Field Day 3, performance started ramping almost immediately, as the data was being copied over.

 

In addition to vMotion, FVP also supports Storage DRS, HA, SIOC, VADP, snapshots, and VAAI.  It doesn’t get into the way of anything you are currently doing.  In fact, it is so transparent, you can actually yank out your SSD’s on a host WHILE a VM is running, and nothing will happen.  Try that with a LUN.

 

FVP is a truly comprehensive solution for VMware customers, and can be deployed in minutes, with no changes whatsoever to your infrastructure, or the way you currently handle data.  Simply add any flash, and run VMware Update Manager, and in minutes, you are reaping the benefits.  While PernixData does plan to support more than just VMware in the future, it was an obvious decision to start there.  Without exception, all vendors presenting at SFD3 mentioned VMware as being best-in-class, and I am inclined to agree.

 

Check out the vids below for some performance numbers, and a demo.  In addition to being a passionate, technically brilliant advocate for his product, Satyam could also moonlight as a stand-up comedian, so even though I am not in the videos, you will not be bored.  Apparently at dinner the night before, the Dutch Storage Syndicate (Arjan, Ilja, Marco, and Roy) poisoned me in retaliation for Justin Bieber’s disrespect of Anne Frank, so I had to watch from upstairs.  And I’m not even Canadian!

 

 

Although Gestalt IT covers delegate’s expenses for Field Days, delegates are not obligated to write, review, or produce content on any of the products or vendors we see at these events.

 

 

This past week, I had the good fortune of attending Storage Field Day 3 (SFD) in Denver, Colorado. Field Days are events where a group of independent IT professionals chosen by a committee of like-minded people are brought together with start-ups, and mature companies who have new, innovative products. These companies all have something to say, and most are interested in direct, independent feedback on what they’re offering. The discussions are two-way, and are usually quite a bit more in-depth, and candid than one might expect during most vendor briefings.

Something was abundantly clear to me during all the vendor meetings at SFD: the industry is being disrupted in a huge way. If you’re stuck in the storage world as it was in 2010 – 2011, you are lost. But have no fear. If you’re willing to move beyond what is rapidly being considered “legacy” storage, you can catch up. I’m here to help.

One of the most exciting moments at SFD was the launch of a brand new storage company called Exablox. These guys are way out there in front of any other company providing storage solutions for midsized companies. Imagine object based, content addressable storage with an enterprise feature set, at a price for small to midsized businesses.

If you’re into storage at all, you’re probably already aware of the advantages of object-based storage.  For those who may be less familiar, object storage is differentiated from traditional file-system storage by ditching the traditional hierarchy, and storing files as independent objects. There are a couple of major advantages to using this method to store files.

  1. Scalability – Amazon’s S3 currently stores 1.3 trillion objects, and adds over 1 billion new objects daily. The sheer amount of overhead that would be required to store that amount in one, or more file systems would be staggering. Keeping track of all the pointers, metadata, and ensuring the integrity of the file systems would require processing power that would be cost prohibitive. Amazon is able to deliver S3 at a compelling price point, as a result of this scalability.
  2. Reliability – When there is no requirement to grow, prune, and maintain the integrity of a gigantic file system, reliability inherently increases. Additionally, the fact that our objects can be located essentially anywhere, and retrieved with a simple object ID, means that we can break a file into as many atomic chunks as we would like, and even distribute it geographically, like S3. When we break these files up into atomic units, we can determine how much data protection, or parity, we want to assign. Most of the object storage out there will allow us to tailor how many of these chunks we can lose, and still rebuild the entire file. So if we have some important data that’s really critical, we can split it into enough chunks, with enough parity, to tolerate failures on a scale that would completely devastate RAID protected file systems.

While this is admittedly a quite simplified, and possibly flawed introduction to the concept, it should be enough to get us to a point where we can understand some of what makes the Exablox product unique, and groundbreaking. The product is called OneBlox. It’s designed to give the advantages of object storage to businesses who don’t have an army of storage guys who are dedicated to the task.  OneBlox is the brainchild of CTO and Co-founder Tad Hunt, who was very adept at explaining all the in’s and out’s of how these boxes work together to create a storage system that is punching far above its weight class.

Normally, to use object storage, one needs to architect an application to use objects, as opposed to a traditional file system. That’s probably not going to be something a midsized customer would want to do up front, considering the investment. OneBlox gets around this requirement by providing a CIFS/SMB interface. You can use this thing like any traditional CIFS/SMB target, integrate it with Active Directory, and still get all the benefits of object storage, right out of the box.

No. . .seriously. . .I’m not talking out of the box, after hours of frustration. I mean, seconds after it boots up, you have storage space available to dump files onto from Windows, or any CIFS compatible OS.

The one thing that seemed to divide some of the delegates was the management system.  Called OneSystem, it’s cloud-based, and comes with the unit.  As soon as a customer receives a OneBlox, and boots it up, it presents storage instantly, and also calls home to OneSystem.  Of course this assumes that a firewall is allowing it to call home.  Once you pull up the site, it’s as easy as pairing a device to Netflix.  You just punch in the 5 digit code on the front of the OneBlox, and that device joins your ring.

 

 

If you get another device later, just plug it in, do the same, and bam.  It joins the ring.  The OneSystem management interface is really simple, and clean.

Some SFD delegates questioned Exablox’s decision to make the only management interface for the product one that was cloud-based. From my perspective, I think it’s perfect for the market they are targeting, and it also enables them to come in at an amazingly attractive price point per unit, while selling the management separately.

The OneBlox is packed with features.  In addition to SMB/CIFS, it does real-time replication, dedupe, and encryption by default, and even CDP-like snapshots!  Users can access the snapshots directly within the file structure in their Windows Explorer, or Mac Finder window.

 

 

Each OneBlox can support up to 32TB RAW of any type of disk from any manufacturer, although as Lauren Malhoit points out, the system doesn’t do any tiering, so it’s not setup to put hot data on SSD’s or anything like that.  It’s very Drobo-like in its simplicity, complete with red or green LED’s to tell you the status of the drives at a glance.  The chassis is a work of art, and is not some off the shelf rebadged 2U server.  The feet actually slide into place on the unit below for stackability without a rack.  The whole chassis has a solid, hi-fi component feel to it, even though it’s cheaper than many hi-fi components.

 

 

I could write a dozen more pages on the inner complexities of how this thing works (the ring), and how amazing it is, but honestly, Tad does such a good job explaining it, I’m going to link to the whiteboard and let him show you.

 

 

And here’s a demo of the system, which is equally cool:

 

 

 


 

I remember many years ago when I was studying at the University of Maryland, one of my professors listed WordPerfect as one of the requirements for his class.  So I went down to the campus bookstore and bought a copy.  The clerk handed me a big bulky box and I remember thinking “gee, this packaging is a bit overkill.”  That is until I got back to my dorm room and found 20+ 3.5” floppy disks in the box!  It must’ve taken me over an hour to install that darn thing and I knew there had to be a better way.  Well sure enough, things have certainly progressed nicely since the days of the floppy disks.  We’ve since moved on through CDs, then DVDs, and finally, where the bulk of software distribution is done today, direct Internet download.

 

It’s hard to imagine what could come next, or how we could improve upon software distribution via direct Internet download.  As Internet pipes get ever faster and bigger, what other medium could be a sufficient replacement?  Well, frankly, I don’t know that there ever will be.  But the future of software distribution lies not in the distribution vehicle, rather it lies in the metadata of the software being distributed.

 

As applications grow more complex, they are typically broken down into smaller pieces based on functionality.  Let’s use Microsoft Exchange as an example.  When Microsoft Exchange was first released, it was a pretty basic messaging software product that could be easily setup on a single server.  Over the years, as new features and functionality have been added, Microsoft Exchange has evolved into an extremely complex beast.  For larger implementations of Exchange, quite often there are large teams of very bright engineers, consultants/contractors, and project managers required to get the product setup and running properly.  And the entire process is rarely, if ever, smooth.  More often than not, the process is littered with many “bumps in the road.”  A complete installation can take many months, and in some extreme cases, years.  Could there be a better way?  Absolutely.  Let me introduce you to the concept of an Application Blueprint.

vFabric Application Director Blueprint

An Application Blueprint is, well, very much what it sounds like.  It is a model of what an application should look like.  Like a blueprint for a building, which is a complete plan of all the building components from the foundation to the roof, an application blueprint spells out all of the application components, everything from the VMs and the OSs, all the way up to the nitty gritty application configuration parameters, and everything in between.  But unlike blueprints for physical buildings, which are generally printed on large rolled up pieces of blue engineering paper, an application blueprint is something that can be modeled in software and something that can be saved and passed around or downloaded electronically.

 

In addition – and here’s the really important part – VMware’s vFabric Application Director leverages these blueprints to automate and orchestrate the installation and configuration of a complex application.  Now let’s think about that for just a minute, because this stuff is revolutionary and extremely powerful.  As we’ve already discussed, applications are getting harder and harder to setup and configure.  One could make the argument that certain types of really advanced and complex software solutions, such as Microsoft Exchange, are approaching the point of being almost too complex to be implemented by humans.  There are just too many variables to manage and too many super advanced skill sets across numerous disciplines that are required in order to successfully implement these kinds of large, enterprise software solutions.  But now there is a way to not only model what these software solutions should look like in a given environment, but also a way to take that model and programmatically “make it so.”

 

This is a very powerful new approach because it eliminates the complexity and removes the error prone “human element” of the implementation equation.  All the technical pieces that must be thought out, accounted for and detailed in an implementation project plan can now be modeled in an application blueprint.  Everything from the size of the virtual disks and the IP addresses of the VMs, all the way up to the location of the software installation bits, the installation directory and the TCP port numbers will be defined in the blueprint.  Once an application has been completely modeled in the blueprint, vFabric Application Director will take that blueprint and make an Execution Plan, which is an installation plan that will include all the tweaks and configuration changes necessary for the application to run in your environment.  Then, according to the plan, Application Director will build the VMs, install the OS’s, configure the networks, download the application bits, install the application components and “wire everything together,” so to speak.

 

VMware Solution Exchange
You might be thinking, “OK great, but how exactly is this the future of software distribution?”  Which is a great question, because what I’ve talked about so far is how application blueprints will greatly improve application installations, which is something different than software distribution.  But now that we understand the value of application blueprints, wouldn’t it be great if we could save application blueprints and pass them around?  Wouldn’t it be great if, for example, I could go to an online store and find/test/buy an application blueprint for Microsoft Exchange? Yeah, that would be awesome.  Guess what?  You can.  In fact, if you’re interested, here is a blueprint for Exchange.   If you go to that link and click the “try” button, you’ll be taken to a page that will help you import the MS Exchange blueprint into your vFabric Application Director.

 

Keep in mind just how different this is from how things are generally done today.  If I bought MS Exchange today, I would get a download link to the actual software installation bits as well as a ton of “how to” documentation.  But with this new model, I’m not downloading any software or documentation; rather I’m downloading a software plan.  It’s a software plan that can be understood by vFabric Application Director.  And once the plan has been imported into Application Director, you don’t need to do hours/days/months of planning and researching, you simply click “Go.”  Once Application Director has done its job, you will have MS Exchange up and running in your environment, just the way you want/need it to be running.

 

There are a couple of other important benefits to this new approach.  First, let’s think about the subject of patching and updating.  Sorry, I didn’t mean to make you gag.  Yes, it’s awful.  Painful.  You show me a person who says they enjoy patching and updating applications, and I’ll show you someone who secretly dresses in full body latex and has Helga the “Pain is Love Goddess” on speed dial.  But the good news here is that with Application Blueprints, patching and updating becomes so much easier.  Remember, everything about the application is modeled in the blueprint, including (potentially) how to update that application.  So in the future, updating an application should be a simple matter of receiving an updated blueprint from the ISV and again, simply clicking “Go.”

 

And finally, another really cool benefit to this approach lies within the performance of an application and the integration with other applications.  Pretty soon, other important application tools will also “understand” Application Blueprints.  Why is this important?  Well, if a performance monitoring application (for example) can understand Application Blueprints, it can now intelligently spin up additional DBs, or web servers, or application servers, or whatever corrective actions it needs to take in order to solve the performance problem.  Pretty nifty, eh?

 

Yes indeed, software distribution has come a long way over the years.  Fifteen years ago we were buying all of our software on floppy disks.  Ten years ago everything moved to CDs and DVDs.  Now everything is directly downloaded over the Internet.  Shoot, the new Apple Macintosh laptops don’t even come with internal CDROMs anymore.  And why should they?  Who needs them?  So what’s next for software distribution?  Well, I believe the future of software distribution lies not in the distribution vehicle, but in the metadata of the software being distributed, i.e. the Application Blueprint.  Go to the VMware Solution Exchange.  Check out an Application Blueprint and see if you agree with me.

 

 

 

If you haven’t yet upgraded vShield App to version 5.1.2, here are a few tips not included in the instructions that could save you some pain during the process.

Before you do anything, the obvious first step would be to snapshot your vShield Manager VM.

Right after that, I recommend going in and setting the FailSafe policy to Allow.

 

 

This setting ensures that if the vShield Manager is not available, or has failed, all traffic is allowed.  If you’re in an environment where security is absolutely paramount, and this setting is unacceptable, you will want to ensure you have a maintenance window that would allow for the loss of connectivity in case of problems.

This next step may be unnecessary, but if you weren’t paranoid, you wouldn’t have read this far.  ;-)

I go to every host and force a resync in vShield Manager so that the service VM knows about the setting I just changed.

 

 

Now you’re ready to start the upgrade procedures on page 37 of the vShield Installation and Upgrade Guide.

Once you get your vShield Manager upgraded, go ahead and test an update on a host.  Once it finishes, migrate a VM back to it while pinging, to ensure connectivity is there.  If it’s successful, finish the rest of your hosts.

You can do multiple hosts at once, but sometimes the web client can be unreliable, so I recommend opening multiple browser windows if you’re going to do multiple host updates simultaneously.

Make sure you wait until the first host is already into maintenance mode before starting a subsequent one.  This will ensure you don’t have any conflicts where a VM is trying to migrate to a host going INTO maintenance mode.  Here’s a pic showing what I’m talking about.

 

 

 

*Disclaimer: Author makes no inference that the reader has any actual psychological disorder, nor does the author intend any slight or affront to actual patients being treated for paranoia.  Author is merely inferring that if one has been in IT long enough, in an environment where downtime is measured in dollars, one could be considered to have the characteristics of the aforementioned patients.  Author is not engaged in practicing mental health, dispensing, or prescribing actual mental health conditions.  Virtual Insanity, its principals, and their employers are not responsible for the content of this blog post.  Please drink responsibly.  Qualified buyers only.  I crack myself up.  Use only as directed.  Restrictions may apply.

 


 

Making career choices is never an easy thing to do as there is no manual or guide book that helps you along the way.  But like with most things in life, we take the millions of different pieces of information and form a conclusion that makes sense personally.  I have been with VMware for 3 years now, and words can’t describe how awesome the ride has been, and how great it has been to be a part of such an awesome company/technology.  I can’t speak highly enough of the great people and the personal friendships that I have had the opportunity to form while working here.  But opportunities do come along, and some you find a deep sense of magnetic allure that you just can’t shake.  Those are the opportunities that you have to go after.  I have decided to accept a position with Tintri as a senior systems engineer (pre-sales) covering my local patch.

Tintri has piqued my interest for quite some time now, and the more I dug into the technology I was literally blown away by the innovation that they are bringing to the table.  There is a lot of disruption in the storage industry recently, and Tintri is one of the newer players that is bringing a big change in the way that we look at VMware and storage.  Tintri has taken a step back from the normal methods and constructs in which we manage storage, and completely re-defined the approach on how we should be treating virtual machine workloads when they interface with the storage subsystem.  You are no longer bound to conventional storage management mechanisms such as LUN’s and volumes, but actually now manage the virtual machines directly on the storage array, which simplifies a lot of the complexities in the storage stack.  Combine this new approach with a hybrid SSD/HDD array that does both de-dup and compression on the fly, and you have something that is quite remarkable.

The Tintri VMstore visualization is a very powerful tool for VMware administrators.  One can quickly gain insight into the top performance issues with the click of a button (in the VIC client).  See screenshot below.  Combine all of these things together (along with some other roadmap items that are coming) and you have a very powerful solution that will solve a big pain point that most of my customers deal with on a daily basis.

 

manage-vms-directly-large2 

I am all in with Tintri.

-Scott

 


Introduction

VMware vCloud Automation Center is a very powerful tool that many of my customers are starting to deploy within their organizations. What is vCloud Automation Center you say?  Directly from our vCAC website: “Rapidly deploy and provision cloud services across private and public clouds, physical infrastructures, hypervisors and public cloud providers with VMware vCloud Automation Center. vCloud Automation Center allows authorized users access to standardized IT services through a secure self-service portal, acting as a service governor and helping enforce business and IT policies throughout the service lifecycle.”

 

Customizations

As I mentioned in my previous blog post after VMware first acquired DynamicOps, vCAC is a self-service interface that begins to hand off some of the manual provisioning tasks that many organizations deal with.  This allows your organization to become much more agile, spinning up physical/virtual/cloud resources on the fly.  Having a nice visual representation of your service catalog is important for your end users as we begin to make this shift to a self-service model.  You want your customers to have a nice experience as they begin to consume your services, to entice them to adopt and return back in the future.  Customizing this portal for your environment is critical.  vCAC ships with a few icons that represent your infrastructure and services, but they are very limited in nature.

I decided to pull together a lot of industry infrastructure icons that customers might find useful when they are building out their service catalog.  I have resized them to the correct format for vCAC 32×32, and saved them as .PNG files as supported by the product.

 

Why go with this?

 

vcac_before

When you can have this!

vcac_after

vCAC Icon Pack

vcac_customize

To import the icon pack, simply log in as the vCAC administrator that you have already defined.

  1. Go to the “vCAC Administrator” icon on the left side of the menu as shown.
  2. Select the menu option “Customization” within this menu category.

 

Import_vcac

  1. Once you have selected the “Customization” menu option, go to the upper right hand side of the screen.
  2. Select the “Icons” tab that is called out in the image above.  Extract the icon files from the zip file to a local folder on your machine.
  3. Select the browse button to import the icons that you find useful for your environment.

 

Ready for the vCAC Icon Pack?  Click the link below!

VMware Site Recovery Manager is one of the best products in the VMware arsenal.  If you’re using SRM, there have been some welcome changes in recent versions.  One is the sheer magic of automatically resignaturing your datastores, and managing the whole process transparently.

The only problem is, when the datastores fail over, they get renamed like a snapshot would.

 

This might not be a problem for you, since VMware takes care of the vmx, and everything else in the background.  But depending on what you use for backups, not having the same datastore name could have a huge impact on your recovery.

There used to be an XML file you could change to fix this behavior, but in the 5.x versions, they moved the setting into the GUI.  Just to avoid the pain of poking around trying to find it, I thought I’d throw out a blog post.  There don’t seem to be many out there on this.

All you need to do is right click on the site, and go to Advanced Settings.

Put a check in the box that says storageProvider.fixRecoveredDatastoreNames.

Next time you do a failover, you won’t have the snap prefix on your datastores.  If you still have some residual ones with the wrong name, you will need to rename those manually before doing your next failover.

If you’ve found your way to this blog post, you have likely already read, or even implemented the VMware KB articles on this.  I am not going to link them here, as there are some missing pieces in each of them.  With several hours of trauma under my belt, and a few e-mails back and forth with VMware support, I’ve got the missing pieces.  I’ll start from the beginning, so if you’ve already done some work on this, make sure you can retrace your steps so you don’t get lost.

First thing we need to do is figure out what resources we do not want vCOps to see.  In my example here, I want to limit access to my development environment (the DEV1 cluster).  Those guys are spinning up VM’s so fast, they’re causing vCOps licensing issues.

 

First thing to do is create a collection role for vCOps. It is best to have a user account specifically for this role in Active Directory.  I’ve created one called SVC_VCOPS.  We don’t have to give it any rights in AD.

Going into vCenter, we need to create a role for vCOps collection.

Right click on the Read-only role, and clone it.

You should now have a role called Clone of Read-only.  Rename that to vCOps Collection, or something like that.

Now, let’s go edit that role.

You need to check all of the following privileges.  This is important, and this is where some of the KB’s are missing info.

Once you have those privileges assigned, add the user we created in AD to the vCOps Collection role we just set up.

Go into vCOps Admin via https://vcopsserveraddress/admin and click the Update button next to your vCenter server to change the collection user to the AD user we created.

Once you get that set for your vCenter server, restart your vCOps services.

Now let’s go into vCenter and start applying these permissions.

In Hosts and Clusters, right click on your vCenter and Add Permission.

Add the AD user you created and give them the vCOps Collection role.

Make sure you leave the Propagate box checked.

Now, click on the cluster, or resource you want to exclude and click the permissions tab.  What you’ll see there is the permission you just defined at the vCenter level.  Double click it and change to No access.

Again, ensure the Propagate box is checked.  When you click okay, you’ll get a warning saying the permission is defined higher up, and it’s going to replace the existing one.  Click okay.

The next step is vital, and seems to be a glitch in the vCenter permissions setup.  Remember that Propagate checkbox you made sure was checked on that last step?  It probably didn’t propagate.  Here’s where you save a month of troubleshooting and phone calls.

Go in and check permissions on a VM in the cluster you just excluded.


Don’t panic.  There’s a solid workaround.

Go into VM’s and Templates view.  Add the permission there, and propagate it.

For some reason, some VMware people say not to do this.  It’s the only way I was able to get it to work, short of changing permissions on EVERY VM.  And since they’re spinning up 5 a day, I’m just not doing that.  This works.

First, you’ll want to SSH into the Analytics VM.  Login with “root” and your password.

Next, type the command in blue below.  The prompt shows “secondvm-external“, which indicates you’re on the Analytics VM.

secondvm-external:/ # vi /usr/lib/vmware-vcops/user/conf/controller/controller.properties

Take a look at this file, and find the following line:

deleteNotExisting = false

Change false to true

If you’re in a hurry, you can play with the deletionSchedulePeriod setting, or you can just wait 24 hours, and the objects you wanted deleted will be deleted.

When you’ve made the change, type the following:

:wq

 

One last step for good measure.

Back at the secondvm-external:/ # prompt, type the following:

ssh 172.20.20.1

Note the prompt now changes to firstvm-external:/ #

Type in: su - admin

Now you’re at the admin@firstvm-external:~> prompt.

Type:

vcops-admin restart

24 hours from now, objects that vCOps cannot see will not exist in vCOps.

So now, let’s go into vCOps and get rid of the objects we don’t want to see anymore.

Login to the custom UI via https://vcopsserveraddress/vcops-custom

Navigate to Environment Overview.

Search for, and select the objects that you isolated via permissions, and click on the nearly invisible 8 pixel delete button.

It looks like this, magnified 1000x.  ;-)

Now relax.

If you’re getting the over licensed usage watermark, it’ll go away in 24 hours.

If the objects you just deleted reappear after the next 5 minute collection cycle, you missed a step.

Happy vCOpsing!

 

 

I finally got around to trying the new settings for MaxHWTransferSize on my VMAX connected vSphere hosts, and it really is a shocking performance boost when doing Storage vMotions.

Basically we’re telling the VAAI hardware assist to use 4x larger chunks to do this data copy in the background.  Net result is any VAAI copy operations finish up quite a bit faster than they did before.

If you haven’t, I recommend you go read Chad’s article on the topic here:

http://virtualgeek.typepad.com/virtual_geek/2012/12/vmax-and-vsphere-vaai-xcopy-update.html

If you don’t feel like reading the article, and just want to get this going in the lab as fast as possible, SSH into your vSphere hosts and issue the following command:

esxcfg-advcfg -g /DataMover/MaxHWTransferSize

This will tell you what it’s currently set to:

Value of MaxHWTransferSize is 4096

Should be 4096.  If not, make a note of it in case you need to roll back.

Then enter this to change to the new setting:

esxcfg-advcfg -s 16384 /DataMover/MaxHWTransferSize

You’ll see the following:

Value of MaxHWTransferSize is 16384

Now go test some SvMotions.

If this somehow breaks, (not that I’ve seen it) change it back to what it was before.

In my preliminary tests, I’m seeing SvMotions that were taking 1:30 to complete, finishing in 26 seconds.

This is an impressive tweak.  Shouts to Chad for the post, and Cody Hosterman for the boost!

Ohh, and remember, do this only if your hosts are exclusively connecting to VMAX arrays.  It could break on other arrays.
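The post says to note the old value in case you need to roll back. As an added example (not part of the original post), these shell functions record the original value before changing it, verify the change took effect, and restore it on request. They use only the `esxcfg-advcfg -g` / `-s` calls and the output format shown above; the state-file path and the `ADVCFG` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: change /DataMover/MaxHWTransferSize with a recorded rollback value.
# Usage on a host (state-file path is your choice, hypothetical here):
#   set_transfer_size 16384 /tmp/MaxHWTransferSize.orig
#   rollback_transfer_size /tmp/MaxHWTransferSize.orig

# Assumption: ADVCFG may be overridden to point at a stand-in when testing off-host.
ADVCFG="${ADVCFG:-esxcfg-advcfg}"
OPTION="/DataMover/MaxHWTransferSize"

# Extract the number from a line such as "Value of MaxHWTransferSize is 4096".
parse_advcfg_value() {
    sed -n 's/^Value of [A-Za-z0-9_]* is \([0-9][0-9]*\)$/\1/p'
}

# Print the current setting as a bare number.
get_transfer_size() {
    "$ADVCFG" -g "$OPTION" | parse_advcfg_value
}

# set_transfer_size NEW STATEFILE
# Returns 0 on success, 1 if the value could not be read or set, 2 on bad input.
set_transfer_size() {
    new="$1"
    state="$2"
    case "$new" in
        ''|*[!0-9]*) echo "new value must be a number: '$new'" >&2; return 2 ;;
    esac
    [ -n "$state" ] || { echo "state file path required" >&2; return 2; }

    old=$(get_transfer_size)
    [ -n "$old" ] || { echo "could not read current value" >&2; return 1; }

    # Keep the first recorded value so a second run does not overwrite the original.
    [ -f "$state" ] || echo "$old" > "$state"

    "$ADVCFG" -s "$new" "$OPTION" >/dev/null || return 1

    # Verify by reading the setting back; restore the old value if it did not stick.
    now=$(get_transfer_size)
    if [ "$now" != "$new" ]; then
        echo "value is '$now' after set, restoring $old" >&2
        "$ADVCFG" -s "$old" "$OPTION" >/dev/null
        return 1
    fi
    echo "$OPTION: $old -> $now (original saved in $state)"
}

# rollback_transfer_size STATEFILE
# Restores the value recorded by set_transfer_size and removes the state file.
rollback_transfer_size() {
    state="$1"
    [ -f "$state" ] || { echo "no saved value in '$state'" >&2; return 1; }
    old=$(cat "$state")
    "$ADVCFG" -s "$old" "$OPTION" >/dev/null && rm -f "$state"
}
```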

Now that Cisco is giving away the Nexus 1000v, I am guessing we will see fewer people removing 1000v’s and going back to the standard vDS.  If you do need to remove a 1000v instance however, there is a possibility that certain port profiles will remain in vCenter after the removal.

Here’s how to fix this issue.

First off, this post assumes basic familiarity with SQL Management Studio.  If you’re not comfortable running queries and deleting data from your vCenter database, call VMware support, and they’ll help you out.

This is what you’ll see in vCenter when you have this issue.  Note the 1kv instance is gone.  You won’t see the switches, but you will see a folder with the name of the missing 1kv instance.  Below that will be your orphaned port profile.

 

As with any scenario where you will be editing a database, start by doing a full backup of that database.

Next, start a new query.

 

In the query window, type the following:

SELECT * FROM VPX_ENTITY WHERE NAME = '<name of profile>';

 

Click the Execute button.

You will see the query results show the name of the orphaned port profile.

You should only see one row of results.  That’s our orphan.  If you do see more than one row, you’ll need to match up the correct vDS with the correct ID.

 

Do that by running the following:

SELECT * FROM VPX_ENTITY WHERE NAME = '<name of DVS>';

 

 

In this example, we can see the Parent ID is 70.  If you had more than one, you’ll need to make sure you delete the right one, or you’ll be restoring that backup you just made.

Now, start another new query and type the following:

DELETE FROM VPX_ENTITY WHERE ID = <ID of the orphaned profile>;

 

Execute this one, and then restart vCenter.

Once you get back into vCenter, you will no longer see the orphan.

 

Hat tip to Ben Perove on this one.  The guy is a 1000v genius!

 

 

I recently went through the configuration of the vCloud Network and Security vShield Edge VPN Appliance.

The SSL-VPN Plus is a client based VPN solution from VMware.  IPSEC site to site is also available, but this demo solely focuses on configuring the client / server based SSL-VPN solution.

 

http://youtu.be/8anh9vVC-x4

This demo assumes you have vShield Manager installed in your environment and a Port Group configured to use for the vShield Edge Appliance.

The video goes into decent detail, but please reference these steps when doing your configuration:

  • Login to your vShield Manager interface (mine is https://vshield)
  • The default credentials are Username: admin | password: default
  • Click the ‘+’ sign next to Datacenters and left click your datacenter (mine is cllab-dc)
  • Next, click on the Network Virtualization Tab on the right hand side of the frame
  • Click the green plus sign under ‘List of Edge gateways installed in this datacenter’
  • Enter the name of the new Edge Appliance, mine is called ‘demo2-vpn’, then enter your hostname, description, tenant, and select your HA option (all are optional except ‘Name’ and I chose not to use HA for this demo)
  • Click new then enter the CLI Credentials (I left this as the default) and choose whether or not you want to enable SSH, however this has no bearing on the VPN configuration
  • Click next then select your appliance size (mine is compact), make sure to leave the Enable auto rule generation checked, then click the ‘plus’ sign under edge appliances
  • Select your cluster from the drop down, mine is ‘Server-Cluster’ then select your datastore and host accordingly, then click ‘Add’
  • Click Next, and configure your default Edge Gateway interface again by clicking the ‘plus’ sign
  • Give your Edge Interface a name, mine is demo2-vpn-interface.  Leave the type as Uplink, then select the Port Group to connect to, mine is VPN-Portgroup
  • Leave the connectivity status as Connected, then click the ‘plus’ sign under Configure Subnets
  • Again, click the next ‘plus’ sign on the Add Subnet menu that pops up, then type in the IP address for your interface, mine is 192.168.1.19, click ok then type in your subnet mask and in my case it is 255.255.255.0 then click save
  • Now click ‘Add’ back at the Add Edge Interface menu
  • Click next and configure your default gateway by selecting the Configure Default Gateway check box.  Select the vNIC just created, enter your Gateway IP (mine is 192.168.1.1) then click next
  • Click the check box for Configure Firewall default policy, then set the Default Traffic Policy to Accept, then click next (HA is grayed out if you chose not to enable HA earlier as I did in this demo)
  • Click next and then Finish at the Summary page, the new vShield Edge appliance will now get deployed
  • After deployment is complete, double click on the new vShield Edge appliance
  • Click on the VPN button, then click the SSL VPN-Plus link
  • Click on Server Settings, then click Change
  • Be sure the Primary address is selected, and in my case that is 192.168.1.19
  • Select your port, the default is 443 which is fine, but I changed my port to 8443 to avoid a port conflict on my router
  • You can leave the default cipher as RC4-MD5 and leave the Use Default Certificate checked
  • Click Ok, then click on the IP Pool link under Configure
  • Click the green ‘plus’ link to configure the IP pool range you want to lease to your VPN clients, in my case that is 172.16.10.20 To 172.16.10.30
  • Enter your IP address range, enter the subnet mask (mine is 255.255.255.0) then be sure to leave the Status as enabled and configure your DNS and DNS Suffix settings (mine are 192.168.1.2 as the Primary DNS and cllab.local as the suffix) then click OK
  • Next click on Private Networks to configure the internal networks you wish to provide access for your VPN clients
  • Click the green ‘plus’ sign again and enter the network, netmask, and leave the rest unchanged.  My values are 192.168.1.0 for the network with a netmask of 255.255.255.0.  192.168.1.0 gives access to the entire 192.168.1.x subnet.  Click OK
  • Next click Authentication, then click the green ‘plus’ sign to add authentication, in my case I chose LOCAL in the drop down menu
  • You can leave the rest unchanged, but in my case I changed the Password Expires to 365 days with an expiry reminder to 360 days, then click OK
  • Next click Installation Package and then the green ‘plus’ sign to bring up the Add Installation Package menu
  • Give it a profile Name, in my case it is just demo2-vpn
  • Then type in the public addressable IP address to your network or the DNS name, in my case it is 174.x.x.x and then make sure your port matches what we configured earlier.  The default is 443, but in my case I changed this to port 8443 then click the OK button directly to the right of the port entry
  • Next select the installation packages you wish to generate, I chose Mac and Windows is enabled by default.
  • Leave the rest unchanged then click OK
  • Now add a LOCAL user by clicking Users, then click the green ‘plus’ sign and type in the user credentials and select whether or not you want to have the password expire, change at next login, etc. In my case my user name is clucas, password was entered, and I selected to have the Password never expire.  Then click OK
  • Lastly on this section, I selected General Settings -> Change and set the session idle timeout to 120 minutes from the default of 10.  Then click OK
  • Now we need to configure a NAT for the VPN Edge Appliance, so select the NAT button directly to the left of the VPN button under the Network Virtualization Tab
  • Click the green ‘plus’ sign and select Add SNAT Rule
  • Be sure the demo2-vpn interface is selected (or whatever you called yours) and enter the Source IP range of 172.16.10.0/24 (or whatever network IP pool you chose to create) and translate this to the VPN Edge IP address of 192.168.1.19 (yours may be different)
  • Then click enabled then click Add then be sure to click Publish
  • Now click back on the VPN button -> Dashboard -> then click the green/white enable button, then click Yes
  • Now that the VPN Edge has been enabled, download the client by navigating to the IP/Port of the VPN Edge interface via https (in my example it is https://demo2-vpn:8443 or https://192.168.1.19:8443)
  • Enter the username previously created, in my case that is clucas, then enter your password and click Login
  • Now click the demo2-vpn link (or whatever you named yours) to begin the download and installation of the client
  • Once installed, be sure you enable port forwarding on your router for port 443 or in my case 8443 to the vShield Edge Interface of 192.168.1.19
  • Launch the VMware VPN client and select your VPN server from the drop down list, mine is demo2-vpn
  • Click connect and enter your credentials.
You can now verify you have an IP address starting with the lowest pool number, in my case that is 172.16.10.20.  You should be able to now ping your internal network, in my case that is 192.168.1.1 and navigate to the various services on your network.
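The walkthrough leaves the server cipher at RC4-MD5, and RC4 cipher suites are prohibited in TLS by RFC 7465. As an added example (not part of the original post), the shell functions below read `openssl s_client` output and report whether the negotiated cipher is weak, including the case where a current OpenSSL build cannot complete a handshake at all. The sample session text is constructed for illustration; the host and port in the usage comment are the demo values from the steps above.

```shell
#!/bin/sh
# Added example: report the cipher an SSL VPN endpoint negotiates.
# Usage against the demo endpoint from the post:
#   check_endpoint 192.168.1.19 8443

# Constructed sample of the relevant part of `openssl s_client` output.
SAMPLE_SESSION='New, TLSv1/SSLv3, Cipher is RC4-MD5
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5'

# Read s_client output on stdin and print the cipher from the SSL-Session block.
negotiated_cipher() {
    sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Return 0 if the OpenSSL cipher name denotes a suite that should not be used:
# RC4 (RFC 7465), MD5-based MACs, DES/3DES, NULL encryption, export-grade,
# or anonymous key exchange.
is_weak_cipher() {
    case "$1" in
        *RC4*|*MD5*|*DES*|*NULL*|*EXP*|ADH-*|AECDH-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read s_client output on stdin and print one of:
#   WEAK <cipher> | OK <cipher> | NOHANDSHAKE
# NOHANDSHAKE covers an empty result and the "0000" / "(NONE)" placeholders
# s_client prints when no cipher was agreed. Against an endpoint that only
# offers RC4, a client built without RC4 ends up here, which is itself a
# finding: the server has nothing acceptable to offer.
classify_session() {
    cipher=$(negotiated_cipher)
    case "$cipher" in
        ''|0000|'(NONE)') echo "NOHANDSHAKE" ;;
        *)
            if is_weak_cipher "$cipher"; then
                echo "WEAK $cipher"
            else
                echo "OK $cipher"
            fi
            ;;
    esac
}

# check_endpoint HOST [PORT]: connect once and classify the result.
check_endpoint() {
    host="$1"
    port="${2:-443}"
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null | classify_session
}
```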

 

 

 

Enjoy!

 

Chad Lucas

clucas@vmware.com

You know how you buy a new product, and so many times you have to work to make it act the way it should out of the box?  A perfect example is any iOS device from Apple.  There is simply no reason an Apple device wouldn’t automatically download podcasts for you in the background so you’re always up to date with the latest episodes.  But it doesn’t.  You have to buy Downcast for $2 to make the device work as it should from the beginning.

What’s that got to do with vCenter Operations?  If you’ve used vCOps (pronounced vee-cee-aaahhhhps, according to the Twitter cognoscenti) extensively, you will no doubt have run into a problem where a VM, datastore, or any other object gets deleted out of vCenter, but will not go away from vCenter Operations’ database.

This can be quite frustrating.  It will let you go into the custom UI and delete it as many times as you want.  But it truly is an exercise in futility.  It will never actually delete until you go in and make some changes to some config files.

Let’s get started.

 

First, you’ll want to SSH into the Analytics VM.  Login with “root” and your password.

Next, type the command in blue below.  The prompt shows “secondvm-external“, which indicates you’re on the Analytics VM.

secondvm-external:/ # vi /usr/lib/vmware-vcops/user/conf/controller/controller.properties

Take a look at this file, and find the following line:

deleteNotExisting = false

Change false to true

If you’re in a hurry, you can play with the deletionSchedulePeriod setting, or you can just wait 24 hours, and the objects you wanted deleted will be deleted.

When you’ve made the change, type the following:

:wq

 

One last step for good measure.

Back at the secondvm-external:/ # prompt, type the following:

ssh 172.20.20.1

Note the prompt now changes to firstvm-external:/ #

Type in: su - admin

Now you’re at the admin@firstvm-external:~> prompt.

Type:

vcops-admin restart

And you’re all done.

24 hours from now, objects that no longer exist in vCenter won’t exist in vCenter Operations.  Why this is not default is not entirely obvious to me, but there you go.
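Both vCOps walkthroughs on this page (the permissions post and this one) change `deleteNotExisting` by hand in vi as root. As an added example (not from the original posts), the shell functions below make the same change with a timestamped backup, refuse to act if the key is missing or appears more than once, and verify the result. The default path is the one given in the post; the return codes and backup naming are choices made for this example.

```shell
#!/bin/sh
# Added example: set deleteNotExisting = true in controller.properties safely.
# Usage on the Analytics VM, followed by "vcops-admin restart" as in the post:
#   enable_delete_not_existing

CONTROLLER_PROPS="${CONTROLLER_PROPS:-/usr/lib/vmware-vcops/user/conf/controller/controller.properties}"

# Print the current value of deleteNotExisting (prints nothing if the key is absent).
get_delete_not_existing() {
    file="${1:-$CONTROLLER_PROPS}"
    sed -n 's/^[[:space:]]*deleteNotExisting[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$file" | head -n 1
}

# enable_delete_not_existing [FILE]
# Returns 0 if the value is true afterwards (changed or already set),
#         1 if the file is missing or the backup failed,
#         2 if the key is absent or defined more than once,
#         3 if the edit could not be verified (backup is restored).
enable_delete_not_existing() {
    file="${1:-$CONTROLLER_PROPS}"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Act only on an unambiguous, uncommented definition of the key.
    count=$(grep -c '^[[:space:]]*deleteNotExisting[[:space:]]*=' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one deleteNotExisting line, found $count" >&2
        return 2
    fi

    if [ "$(get_delete_not_existing "$file")" = "true" ]; then
        echo "deleteNotExisting is already true; nothing to do"
        return 0
    fi

    # Timestamped backup beside the original, preserving mode and ownership.
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1

    # Rewrite only the value, keeping the original spacing around "=".
    tmp="$file.tmp.$$"
    if ! sed 's/^\([[:space:]]*deleteNotExisting[[:space:]]*=[[:space:]]*\).*$/\1true/' "$file" > "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    # Write through the existing file so its permissions are unchanged.
    cat "$tmp" > "$file"
    rm -f "$tmp"

    if [ "$(get_delete_not_existing "$file")" != "true" ]; then
        cp -p "$backup" "$file"
        echo "verification failed; restored $backup" >&2
        return 3
    fi
    echo "deleteNotExisting set to true (backup: $backup)"
}
```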

 

 


 

I was fortunate enough to get the opportunity to spend some time with the DynamicOps team at one of my customer accounts recently.  DynamicOps (Cloud Automation Center aka DCAC) is a very robust tool that provides many of the attributes that we need to run “IaaS” or “Infrastructure as a Service”.  The self-service portal, approvals, automation, support for physical/virtual/cloud is something that DynamicOps has mastered in their solution set.   I now see why VMware made the decision to add DynamicOps to the strategic vision that we are executing against.

I thought I would pull a short video clip together that showed some of the base functionality of DynamicOps and how it integrates with VMware vSphere.  This demo environment is based off the VMworld labs that some of you may have experienced in San Francisco 2012.  The remainder of you better be at VMworld 2012 Barcelona to get some stick time with DynamicOps!  I will be there, how about you?

 

-Scott

Although there’s plenty of forthcoming VMworld related bloggery churning around in my head, I thought I’d go ahead and post some pics from v0dgeball 2012 for your enjoyment.  The event was a good time, and we raised $13k for the Wounded Warriors.  Chad has the complete breakdown and video here.

I agreed to sub in only if someone on our team suffered trauma.  Hey. . .someone had to take the pics.  ;-)


Team Tech Field Day / vExpert 2 hears the starting gun.


This looks imminent.


A coordinated assault from my team!


NetApp about to end it for the EMC team. . . or are they?


The most amazing comeback since Bon Jovi!


I just put this one in for EMC’s health insurance underwriters.


A fine looking bunch of sweaty people.

 


 

Are you Ready?

Hopefully you read my last Socialcast blog post so you know that I have been working on developing the Socialcast hands on labs for VMworld 2012.  I also mentioned two other efforts I was working on to raise the visibility of Socialcast at VMworld 2012.  Reaching out to the Socialcast team to leverage Socialcast for the attendees of the VMworld conference, and the other was engaging one of my customers (one of the largest Socialcast customers) to present at a general session.  I am happy to report that I have successfully completed 3 out of 3 of my objectives and all of these components are going to take place.

 

Socialcast General Sessions

One of the largest customers that I support happens to be one of the largest Socialcast implementations we have in production.  I reached out to Jeff Ross of Humana, and Jeff agreed to present this year at VMworld 2012.  Check out the two sessions that Jeff will be leading; I suggest you attend both of these if you are seriously considering the adoption of a corporate social networking platform.  Jeff has the experience and wisdom of what it takes to successfully bring Socialcast into production in a corporate environment.  Thanks for stepping up, Jeff, I am looking forward to your sessions!  Sign up for either of Jeff’s sessions with the links below.

 


 

EUC2909 – Using Socialcast to Build a Successful Internal Social Collaboration Community
While a majority of employees participate in at least one social network outside of work, not all companies use the power of social networks internally to their own advantage. In this presentation, learn how the Fortune 100 company Humana Inc. went from zero to a dynamic internal community with 20,000 users and 1,000 groups in a two-year period using the Socialcast® platform. Learn from the things it did well and from its mistakes. Companies won’t succeed with a “build it and they will come” attitude when it comes to internal social platforms. It takes a strategy, sound online community principles, resources and constant effort to grow in quantity and quality, break down internal silos and foster a sense of community that transcends geographical and functional boundaries. This session will provide substantive detail of one company’s successful implementation so that your current or future implementation can succeed as well.
Jeff Ross – Community Manager, Humana Inc.

 

EUC2592 – Gain Competitive Advantage with Enterprise Social: Best Practices from Leading Companies on the Front Lines
Section 1 – Building the case for Enterprise Social Networks
Provide a general overview of Social Technologies and their impact on organizations.
  • The Social World – The world is being transformed by social technologies and new ways of working
  • The Social Enterprise – An enterprise becomes social when it develops the skills and a strategy to apply mass collaboration to business challenges and opportunities
  • The Promise of Socialcast – What we were hoping to gain by implementing an Enterprise Social Network (ESN) – Vision, strategy, features and benefits
Section 2 – Evaluating and Implementing a Successful Enterprise Social Network
Highlight key elements and best practices of the implementation process including business system integrations and governance.
Section 3 – Driving Adoption, Engagement and Business Value
Showcase key statistics, use cases and business value outcomes of a successful ESN journey.
Marc Fenner – Sr. Business Analyst, VMware, Inc.
Jeff Ross – Community Manager, Humana Inc.
Becky Graebe – Corporate Communications Manager, SAS
Joan Bodensteiner – VP Marketing, Socialcast, VMware, Inc.

 

Hands on Labs

Countless hours went into putting this lab together with my co-captain Patrick O’Brien, and I hope you enjoy some of the fun that we built into the lab. The goal was to give attendees quick visibility into the product, from both an end user perspective, as well as an application administration perspective. We were told to design two labs each 30 minute product overviews. Here is what you can look forward to when you come take my lab at VMworld 2012!! (shameless self plug goes here).

 


Look for special guest appearances in the Socialcast labs from a movie you have most likely seen!  Can you take a guess which character role you will be taking on?

Socialcast Lab 1 (HOL-EUC-07-01): VMware Socialcast Feature Walkthrough (30 min Abstract: This lab will introduce the participant to the advanced features of Socialcast, the market-leading enterprise social network. Socialcast allows your company to easily collaborate on ideas, documents, and projects. The participant will login to an interactive Socialcast environment to get a feel for what a production deployment of Socialcast might look like.

Socialcast Lab 2 (HOL-EUC-07-02): Administration of VMware Socialcast (30 min Product Lab) Abstract: This lab will introduce the advanced administration features of VMware Socialcast. Participants will learn how to configure and customize a Socialcast community, extend Socialcast into other business applications such as SharePoint, and utilize Socialcast’s advanced business analytics. Participants will login to the Socialcast Cluster Management Console (SCMC) and configure administrative tasks (setup backups, create support bundle).

 

Socialcast for VMworld attendees

I reached out to our CMO Rick Jackson to propose the concept of conference attendees having access to Socialcast for the actual conference. Rick informed me that we actually already had efforts underway to try to make this happen and pointed me to the team that was working this VMworld project.

The marketing team has given me the go-ahead to reveal that conference attendees will be able to login to a special VMworld 2012 SaaS version of Socialcast and collaborate between each other. This will give you another great way to hook up with friends, find out what’s going on, and post pictures of your friends on stage with Jon Bon Jovi!

Download the Socialcast mobile app for your device now, you will be able to access the site from the device of your choice to keep up with friends and colleagues throughout the entire event!  The Socialcast site should be opening up to registered attendees later this week.

Here is a screenshot of the Socialcast http://vmworld.socialcast.com attendee interface that you will soon have access to:


Here are a few of the initial groups that have been created, look forward to many more!

 


 

Conclusion

VMworld 2012 will be a great event offering attendees a wealth of VMware knowledge and information.  Set some time aside out of your busy agenda to examine Socialcast for your enterprise.  There will be several different ways to get technical information, and Jeff will take you through his journey at Humana and discuss some of the best practices around standing up a Social collaboration platform in a large corporation.  Come find me in the labs when you get some downtime and we can catch up!

Don’t forget, you can get 50 free seats of Socialcast for your business today so give it a shot, simply scan the QR code below!

 
