
vSphere 6.5 – Update Manager changes


Going through our list of articles about new features in vSphere 6.5, the last one is vSphere Update Manager for vCenter Server Appliance. Since vSphere 6.5 it is fully embedded and integrated with vCenter Server Appliance, with no Windows dependencies. This means that vCenter Server Appliance now delivers Update Manager as an optional service, similar to Auto Deploy, etc.

Since vSphere 6.5 it is no longer possible to connect an Update Manager instance that is installed on a Windows Server machine with the vCenter Appliance.

That means you have two ways to use the Update Manager component:
• You can install the Update Manager server component either on the same Windows server where the vCenter Server is installed or on a separate machine. To install Update Manager, you must have Windows administrator credentials for the computer on which you install Update Manager.
• You can deploy vSphere Update Manager in a secured network without Internet access. In such a case, you can use the vSphere Update Manager download service to download update metadata and update binaries.

In the facelifted Web Client, the Update Manager Web Client appears as an Update Manager tab under the Configure tab in the vSphere Web Client.

The management processes are largely the same, so there is nothing special worth noting here: the product is pretty simple, easy and, of course, it does the job.

VMware Auto Deploy Configuration in vSphere 6.5


The architecture of Auto Deploy has changed in vSphere 6.5. One of the main differences is that ImageBuilder is built into vCenter and that you can create image profiles through the GUI instead of PowerCLI. That is really good news for those who are not keen on PowerCLI. But let's go through the new configuration process of Auto Deploy. Below I have gathered all the necessary steps to configure Auto Deploy in your environment.

  1. Enable Auto Deploy services on vCenter Server. Go to Administration -> System Configuration -> Related Objects, then look for and start the following services:
  • Auto Deploy
  • ImageBuilder Service

You can change the startup type to start them with the vCenter server automatically as well.

Caution! If you do not see any services, the vmonapi and vmware-sca services are probably stopped.

To start them, log in to vCenter Server through SSH and use the following commands:

# service-control --status         // to verify the status of these services

# service-control --start vmonapi vmware-sca       // to start the services

Next, go back to the Web Client and refresh the page.

  2. Prepare the DHCP server and configure a DHCP scope including the default gateway. A Dynamic Host Configuration Protocol (DHCP) scope is the consecutive range of possible IP addresses that the DHCP server can lease to clients on a subnet. Scopes typically define a single physical subnet on your network to which DHCP services are offered. Scopes are the primary way for the DHCP server to manage distribution and assignment of IP addresses and any related configuration parameters to DHCP clients on the network.

When basic DHCP scope settings are ready, you need to configure additional options:

  • Option 066 – with the Boot Server Host Name
  • Option 067 – with the Bootfile Name (it is a file name observed at Auto Deploy Configuration tab on vCenter Server – kpxe.vmw-hardwired)


  3. Configure the TFTP server. For lab purposes I nearly always use the SolarWinds TFTP server; it is very easy to manage. You need to copy the TFTP Boot Zip files, available on the Auto Deploy Configuration page observed in step 2, to the TFTP server file folder and start the TFTP service.

At this stage, when you try to boot your fresh server, it should get an IP address and connect to the TFTP server. In the Discovered Hosts tab of Auto Deploy Configuration you will be able to see the hosts which received IP addresses and some information from the TFTP server, but no Deploy Rule has been assigned to them.

  4. Create an Image Profile.

Go to the Auto Deploy Configuration page -> Software Depots tab and click Import Software Depot.

Click on Image Profiles to see the Image Profiles that are defined in this Software Depot.

The ESXi software depot contains the image profiles and software packages (VIBs) that are used to run ESXi. An image profile is a list of VIBs.

 

Image profiles define the set of VIBs to boot ESXi hosts with. VMware and VMware partners make image profiles and VIBs available in public depots. Use the Image Builder PowerCLI to  examine the depot and the Auto Deploy rule engine to specify which image profile to assign to which host. VMware customers can create a custom image profile based on the public image profiles and VIBs in the depot and apply that image profile to the host.

 

  5. Add Software Depot.

Click on the Add Software Depot icon and add a custom depot.

Next, in the newly created custom software depot, select Image Profiles and click New Image Profile.

I selected the minimum required VIBs to boot ESXi host which are:

  • esx-base 6.5.0-0.0.4073352 VMware ESXi is a thin hypervisor integrated into server hardware.
  • misc-drivers 6.5.0-0.0.4073352 This package contains miscellaneous vmklinux drivers
  • net-vmxnet3 1.1.3.0-3vmw.650.0.0.4073352 VMware vmxnet3
  • scsi-mptspi 4.23.01.00-10vmw.650.0.0.4073352 LSI Logic Fusion MPT SPI driver
  • shim-vmklinux-9-2-2-0 6.5.0-0.0.4073352 Package for driver vmklinux_9_2_2_0
  • shim-vmklinux-9-2-3-0 6.5.0-0.0.4073352 Package for driver vmklinux_9_2_3_0
  • vmkplexer-vmkplexer 6.5.0-0.0.4073352 Package for driver vmkplexer
  • vsan 6.5.0-0.0.4073352 VSAN for ESXi.
  • vsanhealth 6.5.0-0.0.4073352 VSAN Health for ESXi.
  • ehci-ehci-hcd 1.0-3vmw.650.0.0.4073352 USB 2.0 ehci host driver
  • xhci-xhci 1.0-3vmw.650.0.0.4073352 USB 3.0 xhci host driver
  • usbcore-usb 1.0-3vmw.650.0.0.4073352 USB core driver
  • vmkusb 0.1-1vmw.650.0.0.4073352 USB Native Driver for VMware

But the list could be different for you.

 


  6. Create a Deploy Rule.

  7. Activate the Deploy Rule.

  8. That's it. Now you can restart your host; it should boot and install according to your configuration.
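
The image profile and deploy rule steps above can also be scripted with the Image Builder and Auto Deploy cmdlets in PowerCLI. The following is an added example, not part of the original post; the vCenter name, depot path, profile names, cluster name and IP range are placeholders. It also lists the acceptance level of every VIB and stops if any is CommunitySupported, a check worth making before the profile is network-booted onto hosts.

```powershell
# Added example (not from the original post): image profile, deploy rule and
# activation scripted with PowerCLI. Every value below is a lab placeholder.
$ErrorActionPreference = 'Stop'

$vCenter     = 'vcsa.lab.local'                    # placeholder vCenter FQDN
$depotPath   = 'C:\depot\esxi-offline-bundle.zip'  # placeholder offline bundle
$sourceName  = '<image-profile-from-depot>'        # pick from the listing below
$customName  = 'lab-esxi65-custom'                 # placeholder clone name
$clusterName = 'Lab-Cluster'                       # placeholder target cluster
$ipPattern   = 'ipv4=192.168.10.50-192.168.10.60'  # placeholder host range

Connect-VIServer -Server $vCenter | Out-Null

# Import the software depot and list the image profiles it contains.
Add-EsxSoftwareDepot -DepotUrl $depotPath | Out-Null
Get-EsxImageProfile | Format-Table Name, Vendor, AcceptanceLevel

# Clone a depot profile so that it can be customised.
$source = Get-EsxImageProfile -Name $sourceName
$custom = New-EsxImageProfile -CloneProfile $source -Name $customName -Vendor 'Lab'

# Review what will be booted: every VIB with its acceptance level.
$custom.VibList | Sort-Object Name |
    Format-Table Name, Version, Vendor, AcceptanceLevel

# Stop if the profile contains VIBs that passed no VMware or partner testing.
$untested = $custom.VibList |
    Where-Object { $_.AcceptanceLevel -eq 'CommunitySupported' }
if ($untested) {
    $names = ($untested | ForEach-Object { $_.Name }) -join ', '
    throw "CommunitySupported VIBs in ${customName}: $names"
}

# Create the deploy rule: hosts matching the pattern get this image profile
# and are placed in the cluster.
$cluster = Get-Cluster -Name $clusterName
$rule = New-DeployRule -Name 'lab-deploy-rule' `
                       -Item $custom, $cluster `
                       -Pattern $ipPattern

# Activate the rule by adding it to the rule set, then show the result.
Add-DeployRule -DeployRule $rule
Get-DeployRuleSet
```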

vCenter Server content library

Content Library was introduced in vSphere 6.0 as a way to centrally store and manage VM templates, ISOs, and even scripts. Content Library operates with a Publisher/Subscriber model where multiple vCenter Servers can subscribe to another vCenter Server’s published Content Library so that the data stored within that Content Library is replicated across for local usage. For example, if there are two data centers each with their own vCenter Server a customer could create a Content Library to store their VM templates, ISOs, and scripts in and then the vCenter Server in the other data center could subscribe and have all of those items replicated to a local datastore or even NAS storage. Any changes made to the files in data center 1 would be replicated down to data center 2.

With vSphere 6.5 VMware has added the ability to mount an ISO directly from the Content Library versus having to copy it out to a local datastore prior to mounting. Customers also now have the ability to run VM customizations against a VM during deployment from a VM template within a Content Library. Previously, customers needed to pull the template out of the Content Library if a customization was required. Customers can now easily import an updated version of a template as opposed to replacing templates, which could disrupt automated processes.

There are now additional optimizations related to the synchronization between vCenter Servers reducing the bandwidth and time required for synchronization to complete.

Customers can also take comfort in knowing that their Content Libraries are also included in the new file-based backup and recovery functionality as well as handled by vCenter HA.

SUMMARY:

  • Improved operational features
    • Mount an ISO file from a Content Library
    • OS customization during VM deployment from a library
    • Update an existing template with a new version
  • Optimized HTTP sync between vCenter Servers
  • Part of VC backup/restore and VC HA

VCSA deployment and migration options

The vCenter Server Appliance deployment experience has been enhanced in the vSphere 6.5 release. Installation workflow is now performed in 2 stages. The first stage deploys an appliance with the basic configuration parameters: IP, hostname, and sizing information including storage, memory, and CPU resources.

Stage 2 then completes the configuration by setting up SSO and role-specific settings. Once Stage 1 is complete we can snapshot the VM and roll back if any mistakes are made in Stage 2. This avoids having to start over completely if anything goes wrong during the deployment process.

NOTE!!! There are versions of the deployment application available for Windows, Linux, and macOS.

A new feature in vSphere 6.5 is the ability to migrate a Windows vCenter Server 5.5 or 6.0 to a vCenter Server Appliance 6.5. The migration process starts by running the Migration Assistant, which serves two purposes. First, it runs pre-checks on the source Windows vCenter Server 5.5 or 6.0 to determine if it meets the criteria to be migrated. Second, it is the data transport mechanism that migrates data from the source Windows vCenter Server 5.5 or 6.0 to the target vCenter Server Appliance 6.5.

The Migration tool will automatically deploy a new vCenter Server Appliance 6.5 and migrate configuration, inventory, and alarm data by default from a Windows vCenter Server 5.5 or 6.0. If you want to keep your historical and performance data (stats, events, tasks) along with configuration, inventory, and alarm data there is the option to also migrate that information. The vSphere 6.5 release of the Migration Tool provides granularity for historical and performance data selection.

Both embedded and external topologies are supported, but the Migration Tool will not allow changing your topology during the migration process. Changing of topologies will need to be done before the migration process if consolidation of your vSphere SSO domain is required.

SUMMARY:

  • 5 support for Windows vCenter 5.5 or 6.0 → 6.5
  • Migrations for both embedded and external topologies
  • VUM included
  • Embedded and external Database support: MSSQL, MSSQL Express, Oracle
  • Option to select historical and performance data

vCenter Server Appliance 6.5 – new default deployment choice

The vCenter Server Appliance 6.5 is the first VMware appliance to run on Photon OS, a Linux OS optimized for virtualization which will in the near future become the standard for all VMware virtual appliances. Photon OS provides many benefits to the performance of the vCenter Server Appliance, including about a 3x performance gain over its Windows counterpart and significantly reduced boot and restart times. This also means no more dependency on a 3rd party for OS patching, and it should greatly reduce the amount of time it takes VMware to deliver security patches and updates to the vCenter Server Appliance.

VCSA – main features:

  • Native High Availability
  • VMware Update Manager
  • Improved Appliance Management
  • Native Backup / Restore

In vSphere 6.0 we saw performance and scalability parity for the vCenter Server Appliance when compared to its Windows-based counterpart. With vSphere 6.5 we now see feature parity and even new features that are exclusive to the vCenter Server Appliance. Let's take a quick look at each of these new features before addressing them in more detail later:

Let’s start with vCenter High Availability which is a native HA solution built right into the appliance. Using an Active/Passive/Witness architecture, vCenter is no longer a single point of failure and can provide a 5-minute RTO. This HA capability is available out of the box and has no dependency on shared storage, RDMs or external databases.

Next, we have the integration of VMware Update Manager into the vCenter Server Appliance. Now VMware Update Manager is included by default into the vCenter Server Appliance and makes deployment and configuration a snap.

Another exclusive feature of the vCenter Server Appliance 6.5 is the improved appliance management capabilities. The vCenter Server Appliance Management Interface continues its evolution and exposes additional health and configurations. This simple user interface now shows Network and Database statistics, disk space, and health in addition to CPU and memory statistics which reduces the reliance on using a command line interface for simple monitoring and operational tasks.

Finally, VMware have added a native backup and restore capability to the vCenter Server Appliance in 6.5 to allow for simple out-of-the-box backup options in addition to the traditional supported methods including VMware Data Protection and VMware vSphere Storage APIs – Data Protection (formerly known as VMware vStorage APIs for Data Protection or VADP). This new backup and restore mechanism allows customers to use a simple user interface to remove reliance on 3rd party backup solutions to protect their vCenter Servers and Platform Services Controllers.

Note !!! All these new features are only available in the vCenter Server Appliance.

HTML5 Client – the new way of managing vSphere environment?

Since vSphere 6.5, VMware killed the standard Windows vSphere Client. However, it was promised so we should not be surprised (anyway I am still shocked ;)).

Fortunately, every cloud has a silver lining. I reckon that VMware is aware that the current Web Client is not a perfect solution. That's why they released a completely new HTML5 vSphere Client which seems to be quite useful, intuitive and, most importantly, works as it should in terms of response times. Some administrators claim it reminds them of the old GSX console.

The darker side of the new Client is that it’s constrained in terms of functionality and it will not let you perform all of the administrative tasks. But do not worry it’s the first release and I hope VMware will expand the functionality quickly.

The HTML5 Client can be accessed by entering the FQDN or IP address of our vCenter in the Web browser; you will then see two possible options: the classic Web Client and the new one. You will also notice that there is a caution saying that it has only partial functionality.

You will find the list of unsupported functionality here.

After you sign in to the new administration interface you will see a quite grey and simple but, in my opinion, still good-looking interface.

The whole structure of it is designed to be intuitive, especially for those Admins who are still using mostly just the standard vSphere client. In my opinion the design combines the best things from the Web and Windows Clients in one interface. The problem is just the lack of functionality. I decided to try it and start with configuring iSCSI in my new nested LAB. However, I was quickly brought to heel: there was no option to add a software SCSI adapter. This suddenly ended my adventure with the new HTML5 Client 🙂

To sum up, it would be a handy tool in the future; it just needs to be completed in terms of functionality. Unfortunately, for those who want to migrate to vSphere 6.5 there will still be a need to use the Web Client.

vSphere 6.5 – What’s new in networking  


In this article I will try to review all new network features.

1. vmknic gateway

  • Each VMKERNEL port can have its own Gateway.
  • This will make it easy for vSphere features to function seamlessly.
  • This eliminates the need for adding and maintaining static routes.

Before vSphere 6.5 there was only one default gateway allowed for all VMkernel ports in an ESXi host. vSphere features such as DRS, iSCSI, vMotion, etc. that use VMkernel ports are constrained by this limitation. Many of the VMkernel ports were not routable without the use of static routes unless they belonged to a subnet other than the one with the default gateway. These static routes had to be manually created and were hard to maintain.

vSphere 6.5 provides the capability to have separate default gateways for every VMkernel port. This simplifies management of VMkernel ports and eliminates the need for static routes.

Prior to vSphere 6.5, VMware services like DRS, iSCSI, vMotion and provisioning leveraged a single gateway. This has been an impediment, as one needed to add static routes on all hosts to get around the problem. Managing these routes could be a cumbersome process and was not scalable.

vSphere 6.5 provides capabilities where different services use different default gateways. This makes it easy for end users to consume these features without the need to add static routes. vSphere 6.5 completely eliminates the need for static routes for all VMkernel-based services, making it simpler and more scalable.

 

2. SR-IOV provisioning:

Prior to vSphere 6.5, the VM provisioning workflow for SR-IOV devices required the user to manually assign the SR-IOV NIC. This resulted in VM provisioning operations being inflexible and not amenable to automation at scale. In vSphere 6.5 SR-IOV devices can be added to virtual machines like any other device, making them easier to manage and automate.

 

3. Support for ERSPAN:

ERSPAN mirrors traffic on one or more “source” ports and delivers the mirrored traffic to one or more “destination” ports on another switch. vSphere 6.5 includes support for the ERSPAN protocol.

4. Improvements in DATAPATH:

vSphere 6.5 has data path improvements to handle heavy load. In order to process large numbers of packets, the CPU needs to be performing optimally; in 6.5, ESXi hosts leverage CPU resources in order to maximize the packet rate of VMs.

Where are the improvements being made?

  1. VMXNET 3 optimization
    1. Using copy TX for small messages size (<=256B)
    2. Optimized usage of pinned memory
  2. Physical NIC improvements
    1. Native driver support for Intel cards (removes overhead of translating from VMkernel to VMKLinux data structures)
  3. CPU Scheduling Improvements
    1. Up to 8 separate threads can be created per vNIC
      • To enable on VM level add:

ethernetX.ctxPerDev = "3" to the vmx file

 

Summary:

  • Optimizing code to improve efficiency
  • Allowing the ability to increase thread count for networking
  • Introducing support for more native drivers (Intel)
  • VMXNET3 enhancements

 

vSphere 6.5 – vCenter Configuration Backup

In vSphere 6.5 a new feature for backing up the vCenter Server Appliance is available. You can back it up using the built-in file-based solution, which backs up the core configuration and inventory into a few files. You can also decide which historical data you want to include in such a backup.

The backup is available from the VAMI interface (at port 5480).

The available locations where you can back up the configuration are:

  • FTP and FTPS
  • SCP
  • HTTP and HTTPS

As I mentioned before, you can choose whether or not to back up the historical data as well. The common part (inventory and configuration) is always checked by default.

The backed up files look like this:

In case you are forced to use your backup, you have to use the vCSA ISO file downloadable from the VMware site and then select the Restore option. The process is quite similar to a normal deployment (2 stages in the process).

vSphere 6.5 – Stronger security with NFS 4.1

NFS 4.1 has been supported since vSphere 6.0, but now we are looking into providing stronger security. In vSphere 6.5 we have better security by providing strong cryptographic algorithms with Kerberos (AES). Also, IPv6 is supported but not with Kerberos, and that is another area we are looking into along with supporting integrity checks.

As we know, the vSphere 6 NFS client does not support the more advanced encryption type known as AES. So let's take a look at what is new in vSphere 6.5 NFS in terms of encryption standards:

Summary:

  • NFS 4.1 has been supported since vSphere 6.0,
  • Currently support stronger cryptographic algorithms with Kerberos authentication using AES,
  • Introducing Kerberos integrity check (SEC_KRB5i) along with Kerberos authentication in vSphere 6.5,
  • Adding support for IPv6 with Kerberos,
  • Added Host Profiles support for NFS 4.1,
  • Better security for customer environments.

 

vSphere 6.5 – New scale limits for paths & LUNs

In vSphere 6.5 VMware doubled the current limits and continues to work on reaching new scale in this area. The current limits (before 6.5) pose a challenge: for example, in some cases our customers have 8 paths to a LUN, and in this configuration one can have a maximum of 128 LUNs in a cluster. Also, many customers tend to have smaller LUNs to segregate important data for easy backup and restore. This approach can also exhaust the current LUN and path limits.

Larger LUN limits enable larger cluster sizes and hence reduce management overhead.

SUMMARY:

  • Current Limit is 256 LUNs and 1024 Paths,
  • This limits customer deployments requiring higher Path counts,
  • Customers requiring small sized LUNs for important files/data require larger LUN limits to work with,
  • Larger Path/LUN limits can enable larger cluster sizes, reducing the overhead of managing multiple clusters,
  • Support 512 LUNs and 2K paths in vSphere 6.5.