February 19

The vCloud Suite Digest (Feb, 2013) with Pang Chen and Mike Laverick

With thanks to many sources including: Massimo Re Ferre, Joe Sarabia, Burke Azbill, Andy Steven, Tomas Fojta, Ray Budavari, Omer Kushmaro,  Jesse Schachter, Jennifer Galvin, Eric Hardcastle, Vyenkatesh Deshpande, Michael Haines, Christophe Decanini, Patrick Chang, Russel Callen

Hello and welcome to the second vCloud Suite Digest, a compilation of common technical questions and answers on vCloud Suite architecture and implementation. Behind us is a legion of people a group of people far too numerous to mention (for us these are the unsung heroes of VMware) who provide definitive answers and guidance. People fixing problems on a daily basis, that don’t get half the spotlight that jumped up evangelists do. In this months edition we cover such topics as:

  • Controlling the shutdown process of vCloud Director (vCD) vApp
  • How to enable reservations for VMs within a vCD vApp
  • Restricting access by IP/hostname to the vCD Cell
  • How to move a vApp from one datastore using Storage Profiles & Storage vMotion
  • Duplicate MAC address in vCD
  • VXLAN and ESX host de-preparation
  • Fix vCD Appliance expiration
  • The Multicast requirements for VXLAN
  • High-Availblilty with the vCNS Edge Gateway
  • What is vCloud Connector 2.0 and its requirements.

VMRC Stop Button

BackStory:

As with vSphere it’s possible to power on individual VMs and vCloud Director vApps from many locations. The options exist in many locations on the right-click of any vApp as well as the VMs that located within it. Just as with vSphere the power buttons can be modified.

Q. Why does the stop button issue a power off instead of a guest shutdown? Am I missing something?

A. The behavior of the “Stop” button in the vCD UI is determined in your vApp settings, on a per-VM basis. By default, this is “Power Off” but you can change it to Shutdown that will attempt a graceful shutdown of the guest.

shutdownoptions

vCloud Reservations for VMs

BackStory:

In the world of vSphere we’re used to setting reservations either on individual VMs or resource pools. However in the world of vCloud Director we take a much more “macro” perspective handling reservations for an entire tenant.

Q. In vCD, is there a simple way to reserve 100% of the resources of specific individual VMs within a vApp that resides in an Allocation-type allocation pool?

A. It is possible but not with the “Allocation Pool” approach. Remember compute/memory characteristics are by and large defined per Organization Virtual Datacenter (VDC); this happens when you define the Organization VDC for the first time.

resourcemodelsonOrgVDC

It is possible to have this type of per-vApp flexibility using the Reservation-type allocation pool instead of using the “Allocation Pool”.

customreservationsonvms

vCloud Director: Restricting Access

BackStory:

vCloud Director has many options for controlling access using logon credentials, roles and groups. Credentials can come from the system LDAP configuration or alternatively each Organization can have its own customer LDAP configuration – as well as using local users and groups if necessary.

Q. Is there a way to restrict access to vCD cells by specific IP addresses or even just from the localhost?

A. Currently, there is no capability to do this natively in vCD. vCD uses Jetty rather than Apache and the configuration is dynamically created when the cell server starts so this isn’t user modifiable. Typically, this requirement has been met using a firewall and load balancer, as you still want to provide tenant access to the vCD UI and vCloud API

Migrating a vApp to Another Datastore

BackStory:

vCloud Director 5.1 introduces support for Storage Profiles as well as support for Storage vMotion. This allows for the easy transfer of vApps from one class of storage to another with a simple pull down list.

Q. How can I move a vApp in vCD from one datastore to another?

A. You can initiate this through storage profiles using these steps:

Right-click a VM/vApp and choose “properties” and then scroll down. In the storage area you’ll be able to choose a different storage profile, which will initiate a storage vMotion.

movedatastoreofvm

Duplicate MAC Addresses in vCD

BackStory:

One of the big use cases of vCloud Director is in test/development environments where multiple developers can check out the vApps and the VMs they contain many times.  With complicated multi-tier applications most people will want to retain the IP settings of the vApps, but care must be taken when deploying the vApp to avoid IP and MAC address conflicts.

Q. After importing a VM as part of a vApp in vCD multiple times, I ran into a problem where I have duplicate MAC addresses for these VMs after powering them on. Is the MAC address conflict to be expected?

A. Yes, this is to be expected. The MAC addresses either need to be reset, or the vApps should be deployed fenced to eliminate the conflict.

vCloud Director: Host Dependency on VXLAN and Network Pools

BackStory:

vCloud Director 5.1 introduces support for the new “network layering” method called VXLAN (Virtual Extensible Local Area Network) that allows for many millions of networks to reside within a single VLAN. Before creating your first Provider Virtual Datacenter it’s good idea to configure VXLAN within the “network virtualization” tab within the vSphere Client.

vxlanconfig

By default vCloud Director assumes VXLAN is already configured and will attempt to create default network pools based on these settings.

Q. But what happens when you unprepare a host from vCD and the host was using VXLAN and other Network Pools, what occurs in the background?

A. There is no impact. Unpreparing from vCD should only remove the vCloud agent, given VXLAN preparation is performed independently via vShield Manager.

vCD Appliance Expiration

BackStory:

vCloud Director is available as installable package to Red Hat Linux, or you can download a virtual appliance that allows for rapid setup. Remember that the virtual appliance is not fully supported in production and is intended for lab, test and development environments. The virtual appliance of vCloud Director does not allow for in-place upgrades from version to another, and does not allow for a “multi-cell” configuration – where the deployment has more than one vCD server which load-balanced for performance and availability.

Q. My vCD appliance stopped working because apparently the database user is set to expire. Is there a workaround?

A. Yes, follow these steps:

1) SSH into the vcloud director appliance as root.

2) Become the Oracle user:

su – oracle

3) Set your Oracle environment information:

export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe

export PATH=$ORACLE_HOME:$PATH

export ORACLE_SID=XE

4) Connect to the database

sqlplus “/ as sysdba”

connectingtooracle

5) Select the relevant information from the database, to see if your password is expired – if it is expired the output will be similar:

SQL> select username,account_status,expiry_date from dba_users;

USERNAME                       ACCOUNT_STATUS          EXPIRY_DATE

——————————        —————————–         ———————–

VCDUSER                           EXPIRED                            22-OCT-08

Note: I later releases this user account was changed to VCLOUD

6) If you wish to not have it expire again, first alter the default profile

alter profile DEFAULT limit PASSWORD_LIFE_TIME UNLIMITED;

7) Alter the user and set the password to the original password

alter user VCDUSER identified by VCloud;

8) Display the info again – the account should look like this:

SQL> select username,account_status,expiry_date from dba_users;

USERNAME                       ACCOUNT_STATUS          EXPIRY_DATE

——————————        —————————–         ———————–

VCDUSER                           OPEN

VXLAN Multicast

BackStory:

vCloud Director 5.1 and vSphere 5.1 a brand new “network layering” technology called VXLAN. Aside from an increased MTU size it requires the use of multicast technology.

Q. Is it possible to turn down the TTL to limit the scope of multicast messages coming from the Edge Gateway?

A. Multicast traffic is not sent through the Edge Gateway. It is generated by the Host VTEPs. You will see multicast only when VMs are sending broadcast, unknown unicast, or multicast traffic. We are limiting the VM traffic on the physical network by converting them to multicast. If you are already using multicast in your environment, then you can carve separate multicast groups for VXLAN, thus keeping the traffic separate.

vCNS Edge HA

BackStory:

vCloud Director 5.1 now exposes the option to enable “High Availability” to the vCNS Edge Gateway. This is on top of the fact that the Edge Gateway already stands up a HA and DRS-enabled vSphere cluster.

vse-ha

Once enabled you see two vCNS Edge Gateways with the same name – one labelled with -0 and the other with -1.

vse-ha0-1

Q. When I configure vCNS Edge HA, what is the “Management IP” referring to?

A. HA Management IP is the IP Address used for communication between the active and standby Edge. By default, the user does not need to worry about it (we call it zero-configuration), but the user has the option to explicitly specify it (and its interface). As you know, the IP Address is shared between the active and standby Edge, except this HA Management IP, which should be different.

Q. If I enable HA, will it reboot the current Edge device during the installation of the new HA Edge device?

A. No. When a user enables HA, vCNS Manager will deploy the secondary Edge device and republish the new configuration to both Edge devices. No reboot of the original Edge is required. In most cases, the original Edge device will be the initial active device, so there is no service disruption.

vCloud Connector 2.0

BackStory:

vCloud Connector 2.0 was released on the 21st Dec, 2012 and allows for the movement of vApps from a private vSphere and vCloud environment to a public cloud vendor – and back again. This short Q/A highlights the requirements and features. vCC has model of management server and vCC “nodes” these nodes can be deploy on per-Organization basis that enables it to be multi-tenancy solution.

Screen Shot 2013-02-18 at 11.51.34

Q. Is there backwards compatibility between vCC 2.0 and older versions, i.e. do you need version 2.0 on both ends?

A. No, there is no backwards compatibility. You must use vCC 2.0 nodes with a vCC 2.0 server.

Q. What is the new “multi-tenant node” in vCC 2.0?

A. This is a new feature in vCC 2.0. A vCloud Service Provider can deploy that node and then let multiple customers use it.

Q. Which version of vCloud Connector is included in vCloud Suite?

A. vCC Advanced is only available in the vCloud Suite. vCC Core is available to all vSphere and vCD customers. vCC Advanced edition lets you extend the logical boundaries of your datacenter and lets you manage a single content catalog across the entire cloud environment.

Q. I would like to copy vApps between vCD 1.5 to 5.1. Can I use vCC?

A. Yes, vCC can be used to copy vApps between the vCD environments. vCC will verify the hardware compatibility before copying a VM/vApp/template to a destination. However, you may run into an issue with vCD 1.5 not supporting HW9/vSphere 5.1. This is the reason we have a flag for the highest allowed HW version on the virtual datacenters. This does not help you with current vApp/VMs, but it is something you should plan for in the future if compatibility is a requirement.

 



Copyright 2018. All rights reserved.

Posted February 19, 2013 by Michelle Laverick in category "Cloud Journal", "vCloud Digest