Author Archives: Michelle Laverick

About Michelle Laverick

I was formerly the founder and owner of "RTFM Education"; this is my new blog dedicated to virtualization, cloud, videos, guides, books and other valuable content. In August 2012 I became VMware's Senior Cloud Infrastructure Evangelist.

Multi-Site/Multiple vCenters and Enhanced Linked Mode Configuration in vSphere 6.5 U1

Note: As ever, before you begin – make sure the FQDNs of your proposed PSC and vCenter are listed in DNS – and reserve your IP addresses accordingly. The vCenter install validates your IP/DNS configuration and won’t let you proceed until it’s correct.

WARNING: Please pay close, close attention to your FQDNs, as during the process built-in certificates are created for those names; if you subsequently correct or change the hostname, those certificates will be invalid.
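Because the installer bakes whatever FQDN it is given into the certificates, it is worth checking the name against DNS before you start. The script below is an added example, not VMware tooling: it verifies that each planned node’s FQDN resolves to the reserved IP and that the reverse record points back to the same name. It runs against the OS resolver, or against the constructed sample zone included here (the psnj/vcnj names from the later post, with constructed 192.0.2.x addresses).

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# Added example, not VMware tooling: pre-flight check that a planned PSC/vCenter
# FQDN and IP agree with DNS (forward and reverse) before the installer bakes the
# name into the appliance's certificates. Resolvers are injectable for offline use.
ForwardLookup = Callable[[str], List[str]]  # fqdn -> IPv4 addresses
ReverseLookup = Callable[[str], str]        # ip -> PTR name

def system_forward(fqdn: str) -> List[str]:
    """Resolve an FQDN to its IPv4 addresses with the OS resolver."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip: str) -> str:
    """Return the PTR name for an address with the OS resolver."""
    return socket.gethostbyaddr(ip)[0]

def check_node(fqdn: str, expected_ip: str,
               forward: ForwardLookup = system_forward,
               reverse: ReverseLookup = system_reverse) -> List[str]:
    """Return the problems found; an empty list means the node is safe to install."""
    problems: List[str] = []
    name = fqdn.rstrip(".").lower()
    if fqdn.rstrip(".") != name:
        problems.append(f"{fqdn}: use a lower-case FQDN; it is copied into the certificate")
    if "." not in name:
        problems.append(f"{fqdn}: not fully qualified")
    try:
        ipaddress.IPv4Address(expected_ip)
    except ValueError:
        return problems + [f"{expected_ip}: not a valid IPv4 address"]
    try:
        ips = forward(name)
    except OSError:
        ips = []
    if not ips:
        problems.append(f"{fqdn}: no A record")
    elif expected_ip not in ips:
        problems.append(f"{fqdn}: A record gives {','.join(ips)}, expected {expected_ip}")
    elif len(ips) > 1:
        problems.append(f"{fqdn}: several A records {','.join(ips)}; the installer needs one")
    try:
        ptr = reverse(expected_ip).rstrip(".").lower()
    except OSError:
        problems.append(f"{expected_ip}: no PTR record")
    else:
        if ptr != name:
            problems.append(f"{expected_ip}: PTR is {ptr}, expected {name}")
    return problems

def check_plan(plan: Dict[str, str], forward=system_forward, reverse=system_reverse):
    """Check every planned node and return only the ones that have problems."""
    report = {f: check_node(f, ip, forward, reverse) for f, ip in plan.items()}
    return {f: p for f, p in report.items() if p}

# Constructed sample zone standing in for DNS; the PTR for vcnj was fat-fingered.
SAMPLE_A = {"psnj.corp.local": ["192.0.2.10"], "vcnj.corp.local": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": "psnj.corp.local", "192.0.2.11": "vcnj.corp.loca1"}
def sample_forward(fqdn: str) -> List[str]:
    if fqdn not in SAMPLE_A:
        raise OSError(f"NXDOMAIN {fqdn}")
    return SAMPLE_A[fqdn]

def sample_reverse(ip: str) -> str:
    if ip not in SAMPLE_PTR:
        raise OSError(f"no PTR for {ip}")
    return SAMPLE_PTR[ip]
```

Run check_plan with a {fqdn: ip} dictionary of every PSC and vCenter you intend to deploy; anything it reports should be fixed in DNS before the installer is launched.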

In this scenario I wanted the appearance of multiple vCenters across many sites, and wished to link them together for ease of administration and the sharing of licensing repositories. This ensures licenses can be assigned freely around the organisation and are not “locked” to a specific site location. This more distributed model is not supported with the “embedded” deployment type, where the vCenter and PSC services reside in the same instance, and seems to have been introduced with vSphere 6.5 U1. So I would have two PSCs and two vCenters: one for New York and the other for New Jersey.

There are now 8 supported topologies for multiple vCenters and “Enhanced” Linked Mode, and 3 deprecated ones as well. Far too many possible permutations for me to cover, so I would seriously consider studying the documentation in full. I would recommend starting with https://kb.vmware.com/s/article/2147672, which gives a good round-up of all of them.

VMware’s “Linked Mode” feature has had a number of names, from Linked Mode to Enhanced Linked Mode, to now also being called “Hybrid Linked Mode”. Most of the changes have come about as the company pivots away from vCenter’s historical Microsoft Windows roots to being a purely Linux-based virtual appliance. However, in 2017 VMware announced a partnership with Amazon to extend vSphere functionality into Amazon datacenters and integrate with its Amazon Web Services (AWS) environment. This development prompted VMware to modify linked-mode functionality to also include management of assets in Amazon’s cloud. Hence “Hybrid” mode is now the favoured term. Hybrid mode in its full functionality is only available for those who have both vSphere on-premises and a vSphere subscription with Amazon. Whatever its name, linked mode addresses the scenario where multiple vCenters persist for geographical or political reasons, and it has been decided to provide one-login identity across both systems.

It’s entirely possible that you may wish to install another vCenter at a different site or location. In this configuration I had a single PSC domain (vsphere.local) and a single Active Directory domain (corp.local), but with two SSO sites: one called New York, and the other called New Jersey.

In our case I have two different vCenters and PSCs in two different sites; however, they will be part of the same SSO domain and linked together. The KB article referenced at the beginning of this section outlines this accordingly, although in my case there will, for the moment, be just one vCenter under each PSC.

[Figure from the KB article: 1 Single Sign-On domain, 1 Single Sign-On site, 2 or more external Platform Services Controllers]

This configuration is not without limitations:

  • In the event of a Platform Services Controller failover, the vCenter Servers will need to be manually repointed to the functioning Platform Services Controller.
  • vCenter Servers attached to a higher-latency Platform Services Controller may experience performance issues.

New York: PSC – Establishing the SSO Domain


Posted by on February 21, 2018 in vSphere

Lalala… America… Lalala… America

In a couple of weeks I’ll be heading out to the States. It will be my first trip across the pond since I attended VMworld in 2016 and had a brief but memorable vacation in the Shenandoah region of West Virginia. I’ll be in the Silicon Valley/Bay Area as the guest of Ravello, who, as you may recall, were acquired by Oracle some time ago. If you’re a vExpert you might be interested to know that the Oracle Ravello Free Lab Program for vExperts will continue again this coming year. I’ll be there because their team is hosting Oracle Ravello Blogger Day 2018 (aka #RBD2). It’s a day-long event scheduled for March 8, 2018, hosted at the Oracle Conference Center in Redwood Shores, CA. The event will be educational, so I hope to share what I learn on the day with my readers here, and I hope to be able to catch up with many of my friends from the community too. As you might know, Ravello developed what is called the HVX hypervisor, a hypervisor designed to run in a virtual machine, which then allows other hypervisors to run within it. This “nested configuration” is something that has been popular in the world of homelabbers for some time, but it was Ravello who made it commercially available. The concept allows you to forklift an entire vSphere environment that may be running on a bare-metal setup and have it run nested. I know a number of people who switched to it in preference to having to maintain and operate a physical environment at home. That appears to be just the start, and the company has developed the ability to do this without the VMware ESXi component.

Given the distances involved I opted to spend the week out in the area, mixing catching up with friends, a little sightseeing (I’ve got an idea to visit the Museum of Computing, as it’s one of those things I’ve never had the time to do whilst I was out there before), as well as catching up with my former colleagues from VMware. On the Tuesday I will be meeting a friend and former colleague of mine from my time in the hyper-convergence team at the VMware campus. If anyone wants to hook up and say hi on the day, and catch up, it would be my pleasure to see you there.

Posted by on February 19, 2018 in Announcements

Fun and Games with the Platform Service Controller and vCenter in vSphere 6.5 U1

This week I had a run-in with the PSC and vCenter in vSphere 6.5 U1. I’m ashamed to admit it was really all my fault – being a bit fat-fingered and hasty in my inputting – I put a bum name in DNS, and then a bum name in the installer as well. That resulted in SSL certificate mismatches and errors…

So I seriously needed to clean out the guff I’d created and try again. There are a couple of KB articles and blog posts that cover this scenario. I found I needed to do four steps. My life was made easier by enabling SSH on all the appliances along the way, and of course switching to the “Bash” prompt after logging in.

I started the process by logging on to one of my functional PSCs using SSH…

1.) Run the cmsso-util command on a functioning PSC to clean out the bum PSC and vCenter references

cmsso-util unregister --node-pnid vcnj.corp.local --username administrator@vsphere.local --passwd VMware1!

2.) Shut down the bum virtual appliances

3.) Run vdcleavefed to really clean out the bum PSC and vCenter references. Despite running cmsso-util, the ghostly remains of the failed deployment haunted the web client, indicating they were still there… vdcleavefed allowed me to remove them properly…

/usr/lib/vmware-vmdir/bin/vdcleavefed -h psnj.corp.local -u administrator -w VMware1!

/usr/lib/vmware-vmdir/bin/vdcleavefed -h vcnj.corp.local -u administrator -w VMware1!

4.) Delete the bum virtual appliances

Note: For future reference – it was these two KB articles stitched together that helped me resolve the issue.

https://kb.vmware.com/s/article/2106736

https://kb.vmware.com/s/article/2114233

Posted by on February 16, 2018 in vSphere

Finding the vSphere 6.5 U1 ZIP Administration Guide bundle

This week I had a need to download the official PDF guides to vSphere 6.5 U1. I like having the guides offline because Apple’s Spotlight can index them and make them available for search queries, but also because if you are in a place where internet access is restricted you can use the offline docs to look things up.

The official landing page for documentation around vSphere is located here:

https://docs.vmware.com/en/VMware-vSphere/index.html

The documentation is available in both HTML and PDF.

Recently VMware has moved all its “administration guides” online in an HTML format called “VMware Docs Home” – https://docs.vmware.com/. It is still possible to download an “offline” PDF copy as a single .ZIP file, but they have rather “tucked” it away where it’s tricky to find. If you need it, it can be found under a node called “Archive Packages”. These links download a single .ZIP file containing all the PDFs.

You can download all of the vSphere documentation as a single zip file using this link, which is current as of today, 14th Feb 2018…

https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-documentation-65u1.zip

Posted by on February 14, 2018 in vSphere

Restoring a backup of MediaWiki to Bitnami MediaWiki

This week I needed to restore a backup of a MediaWiki implementation to a local MediaWiki VM. I was sent a backup of the database and the image files, and opted to use the pre-packaged Bitnami MediaWiki virtual appliance. Standing up the VM was a relatively easy matter, but the restore of the database took me some time to crack. I was massively assisted by the MediaWiki forums, in particular Ciencia Al Poder, who single-handedly reinvigorated my belief in community support models and was pivotal in getting me up and running.

The Bitnami Mediawiki VM can be downloaded as an .OVA and deployed to a virtualization platform of your choice:

https://bitnami.com/stack/mediawiki/virtual-machine

1.) Record the Bitnami MediaWiki Accounts:

One thing I struggled with was locating all the logins, so I’ve brought them all together here. Both the “user” and “root” accounts share the same autogenerated password that’s printed to the console at first boot.

  • To log in to the virtual console – username: bitnami, password: bitnami
  • To log in to the MediaWiki web page – username: user, password: as shown on the console screen
  • To log in to phpMyAdmin – username: root, password: as shown on the console screen


Posted by on February 11, 2018 in VMUG Wiki

Free Cisco CCNA Lab Guide (neil@flackbox.com)

My good friend Neil Anderson has been busy again. He’s found the time to write a free Cisco CCNA Lab Guide. Readers can use it to pass the CCNA exam or as a configuration reference for Cisco routers and switches. There are a few free guides online, but they all cover old, out-of-date exam topics and aren’t great quality, which I guess isn’t surprising when they’re being given away for free. So Neil wanted to produce a guide which is more complete (350+ pages), more up to date, better quality and simpler to use than all the paid guides out there, but which people can use completely for free. He has also put together a video course, but the PDF stands alone as a complete lab guide which could really help readers further their careers.

The guide can be found over at this URL: http://www.flackbox.com/cisco-ccna-lab-guide

Posted by on October 17, 2017 in Announcements

A word from my sponsor… Vembu

Vembu is a leading software product development company that has been focussing on Backup and Disaster Recovery software for data centers for over a decade. Its flagship offering, the BDR Suite of products, consists of VMBackup for VMware vSphere and Hyper-V, and Disk Image backups for physical machines and workstations. Backing up individual files and folders to physical servers and to the cloud can be performed with Vembu Network Backup and Vembu Online Backup respectively.

Moreover, it offers multiple flexible deployment options, such as on-site, off-site and to the cloud, through a single user interface. Another offering of the Vembu BDR Suite is the ability to configure item-level backups for Microsoft Exchange Servers, SharePoint, SQL, MySQL, Office 365, G Suite etc. The latest version, Vembu BDR Suite v3.8.0, has come out with a few notable features in two major offerings: one provides unlimited features for three virtual machines, and the second the ability to back up unlimited virtual machines with restricted features.


Posted by on October 13, 2017 in Announcements

VMware Foundation Update: Aquabox responds to flooding in South Asia

The UK-based charity Aquabox (which is listed as a beneficiary on the VMware Foundation) has been heavily involved with relief efforts following widespread floods in South Asia, which have killed more than 1,200 people and affected millions. The severe flooding from monsoon rains has devastated communities and destroyed crops across India, Nepal and Bangladesh, raising fears of food shortages and the risk of disease.

Since its formation in 1992, Aquabox has distributed more than 110,000 humanitarian aid boxes to countries around the world suffering from natural or man-made disasters, helping hundreds of thousands of people, and the charity has been particularly active over the past few weeks.

Within days of the floods, Aquaboxes were airlifted to those areas in dire need of support. Each Aquabox is designed for a family and contains a filter for providing safe drinking water as well as over 70 humanitarian aid items, including shelter materials and tools, blankets and sheets, cooking utensils, personal hygiene items, baby and children’s clothing, educational items and toys.

Aquabox Trustee Roger Cassidy revealed that these boxes had been held in stock in Nepal. “Sadly, the country endures disasters on a regular basis,” explained Roger. “Aquabox has long-established partnerships with Rotary Clubs in Nepal, the British Gurkha Rifles, Nepal Armed Police, Nepalese Army and other agencies, and we were able to work through these organisations to respond quickly and effectively after the floods occurred.”

Aquabox is now sending more aid to both Nepal and Bangladesh over the coming weeks to provide safe drinking water and humanitarian aid to the communities affected, but urgently needs to raise funds for these follow-up shipments and to replenish the strategic stocks held in Nepal.

If you can, please donate through the Aquabox website (www.aquabox.org), or if your company, organisation or club would like to organise a fundraising event and needs any help or advice. Of course when the time comes round again, you can always donate via the VMware Foundation too!

About Aquabox:

Aquabox is a charity affiliated to Rotary International and is based in Wirksworth, Derbyshire.  Established in 1992, Aquabox has shipped over 110,000 boxes of humanitarian aid and filters to provide safe drinking water to communities affected by man-made and natural disasters in more than 50 countries around the world.  The charity relies entirely on donations and fundraising to purchase the aid boxes and their contents. With over 70 volunteers and only one part-time paid administrator, the proportion of donations contributing directly to humanitarian aid is amongst the highest achievable.  Aquabox received the Queen’s Award for Voluntary Service in June 2016, in recognition of the contribution made by the charity and its volunteers and many supporters in helping those in need at times of crisis.

Posted by on September 3, 2017 in Announcements

Amazon AWS: To NAT or not to NAT, That is the Question

Yes, I know. When Hamlet holds the skull… It’s not the “To be or not to be” speech… but the one about Yorick. 🙂

Acknowledgment:

I’d like to thank Tim Hynes for reviewing this blog post and giving me valuable feedback. Tim is a fellow vExpert, he is @railroadmanuk on twitter and blogs at http://virtualbrakeman.wordpress.com/

The Conceptual Stuff

I was curious about Amazon’s options for using NAT inside the VPC construct, so I decided to do some research on its merits. Before I delve into the practicalities, here are the whys and wherefores.

Amazon recommends a NAT configuration if you have Internet-facing web servers with backend servers that they communicate with. That statement shows how much AWS is geared around “Web Services”, although it’s fair to say that most applications these days have a web-based front-end with an application server/database server back-end. The alternative to this NAT configuration is to merely have public/private subnets protected with Security Groups, with no NAT. In this setup a heavily secured “jumpbox” or “bastion” instance is used as the access point for those environments; this would be a very typical setup for a test/dev environment where only developers need access to whatever Amazon AWS is hosting…

To get a NAT system up and running you have two main options:

  • “NAT Instance” – The NAT runs as just another instance amongst your other instances. You can use a number of different sized instances provided by Amazon.
  • “NAT Gateway” – This service is configured in the VPC, and has features such as high availability, higher bandwidth capabilities, and less administrative overhead (this method is recommended by Amazon).

I found the NAT Instance method very easy to set up, and the VPC wizard does a good job of updating the VPC “Routing Tables” to make sure traffic flows in the right directions. You do, however, have to update the Security Groups around the “NAT Instance” to allow it to send and receive traffic, just like any other instance really.

The NAT Gateway method is a tiny bit trickier to set up, and critically is not a freemium service (remember, neither is the NAT Instance really). With the NAT Gateway, as you create it you associate it with one of the public subnets inside a VPC and assign an Elastic IP to it. You do have to manually update the routing tables for the affected (or should that be afflicted?) subnets before traffic flows. The easiest thing is to set up the VPC first, so you can then attach the NAT Gateway to the appropriate public subnet. There are other ways (in terms of the order of the process) to do this, but I found this the easiest way and the most logical for my brain to wrap itself around. The NAT Gateway is created within a particular “Availability Zone” (AZ) and is implemented with redundancy in mind, and I think it’s for this reason that Amazon recommends it. The NAT Gateway’s availability is set by which public subnet it’s associated with, so it is possible to create more than one NAT Gateway, associated with public subnets in different AZs. This web page contains this statement:

“If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose Internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.”

And here’s some other nuggets and facts worth highlighting:

  • A NAT Gateway supports 10Gbps of bandwidth;
  • You can’t swap out an elastic IP to an existing NAT Gateway – you have to destroy and re-create it to change the IP
  • Although you can’t wrap a Security Group around NAT Gateway, it does support network ACLs to restrict the traffic it will pass
  • Finally, NAT Gateways cannot be used with EC2 Classic-Link. However, this is really a legacy issue and would only impact customers who have been using Amazon AWS for some time.
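As an added example (not AWS code), the audit below reads the kind of data returned by DescribeSubnets, DescribeNatGateways and DescribeRouteTables and flags every private subnet whose default route leads to a NAT Gateway in another Availability Zone, which is exactly the dependency the quoted statement warns about. The subnet, NAT Gateway and route-table ids are constructed.

```python
from typing import Dict, List

# Added example, not AWS code: audit whether each private subnet's default route
# uses a NAT Gateway in its own Availability Zone, the cross-AZ dependency the
# quoted AWS guidance warns about. Inputs mimic the shape of the EC2 API results
# (DescribeSubnets, DescribeNatGateways, DescribeRouteTables); ids are constructed.

def route_table_for_subnet(subnet_id: str, route_tables: List[dict]) -> dict:
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main: dict = {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit_nat_az_alignment(subnets: List[dict], nat_gateways: List[dict],
                           route_tables: List[dict]) -> List[str]:
    """One finding per subnet whose Internet path depends on another AZ or a dead NAT."""
    az_of_subnet: Dict[str, str] = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_by_id = {n["NatGatewayId"]: n for n in nat_gateways}
    findings: List[str] = []
    for subnet_id, az in az_of_subnet.items():
        routes = route_table_for_subnet(subnet_id, route_tables).get("Routes", [])
        default = next((r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None or "NatGatewayId" not in default:
            continue  # public subnet (IGW target) or no Internet route: not a NAT concern
        nat = nat_by_id.get(default["NatGatewayId"])
        if nat is None or nat.get("State") != "available":
            findings.append(f"{subnet_id} ({az}): default route targets missing or "
                            f"unavailable NAT {default['NatGatewayId']}")
            continue
        nat_az = az_of_subnet.get(nat["SubnetId"], "unknown")
        if nat_az != az:
            findings.append(f"{subnet_id} ({az}): uses {nat['NatGatewayId']} in {nat_az}; "
                            f"an outage of {nat_az} removes this subnet's Internet access")
    return findings

# Constructed sample VPC: one NAT Gateway in us-east-1a shared by private subnets in two AZs.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0a", "SubnetId": "subnet-pub-a", "State": "available"}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a"}]},
]

if __name__ == "__main__":
    for finding in audit_nat_az_alignment(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES):
        print(finding)
```

Against the constructed sample it reports subnet-priv-b, which sits in us-east-1b but sends its Internet traffic through the gateway in us-east-1a; giving each AZ its own NAT Gateway and route table clears the finding.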

The Practical Stuff


Posted by on August 27, 2017 in Amazon

Amazon AWS and VPC Peering Connections

VPC Peering is the way that two VPCs with distinct CIDR spaces within the same REGION can be linked together. Whether you actually need to do this could be moot, but I can imagine a scenario where each VPC belonged to a different company within a holding group, or else you were using VPCs on a departmental basis. You could still maintain separate “root” accounts for billing purposes, as VPC peering can be set up between multiple “root” AWS user accounts. For legal reasons the VPCs might need to be separated, but there may be “natural synergies” between companies within the same group, or between departments, where communication is desirable or needed.

Aside: You should normally be VERY worried when management uses the term “natural synergies”, as it is term that normally suggests two companies merging and job redundancies. Such are the euphemisms of modern employee relations!

Note: I found this Rackspace article useful especially as it outlined some of the limits around using VPC connections and some of the pitfalls of excessive VPC and VPC Peer Connections – https://blog.rackspace.com/vpc-peering-architecture-use-cases-guidance

There are two main “rules” around VPC Peering Connections in Amazon AWS. Firstly, the two VPCs to be connected must each have their own unique CIDR. It’s not possible to peer two VPCs that both have the same CIDR, such as 10.0.x.y/16. Secondly, the VPCs can be managed by the SAME Amazon “root” account or, as I said a moment ago, by DIFFERENT Amazon “root” accounts. If it is the latter, the two “root” administrators of the VPCs would have to work together, as credentials are needed on both sides.

I see this as being a lot like the “trust” relationships we used to make manually in the not-so-good old days of Windows NT4 (God, how that ages me!). However, if you are of my generation you might remember that before “Active Directory” those trust relationships were not transitive. So just because VPC1 connects to VPC2 and VPC2 connects to VPC3, it does NOT follow that VPC1 can communicate with VPC3. So VPC Peering Connections do not flow seamlessly from one VPC to another.

The VPC Peering wizard creates a “PCX” target that can be referenced in the routing tables to allow communication to pass from one VPC to another. When using the VPC wizard one side of the relationship between the VPCs acts as the “Requester”, and the opposite side acts as the “Acceptor”. The communication is automatically two-way, so there’s no need to create the VPC Peering Connection twice. If you are making the VPC Peering Connection between two VPCs under the SAME Amazon “root” account you merely select two different VPCs, as you are both the “requester” and “acceptor” at the same time.

So in the screen grab below the “Requester” is my VPC called “Prod” using 10.0.x.y/16 as the CIDR, and the “Acceptor” is my VPC called “Dev” with the CIDR of 10.1.x.y/16. The fields are completed by merely browsing the VPC metadata queried using the currently used “root” account.
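Added example (not AWS code; VPC and pcx- ids are constructed): a small checker for the two rules just described, the route each side must add against the PCX target, and a demonstration that peering is not transitive, using the Prod (10.0.0.0/16) and Dev (10.1.0.0/16) pair from the post plus a third VPC.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Added example, not AWS code: check a proposed peering against the two rules above
# (same region, distinct non-overlapping CIDRs), produce the route each side needs to
# add against the pcx- target, and show that reachability is not transitive. All VPC
# and pcx- ids are constructed.
Vpc = Dict[str, str]  # constructed shape: {"id": ..., "cidr": ..., "region": ...}

def validate_peering(requester: Vpc, acceptor: Vpc) -> List[str]:
    """Return the reasons the request would fail; an empty list means it can be accepted."""
    problems: List[str] = []
    if requester["id"] == acceptor["id"]:
        problems.append("a VPC cannot peer with itself")
    if requester["region"] != acceptor["region"]:
        problems.append("VPCs must be in the same region")
    req_net = ipaddress.ip_network(requester["cidr"])
    acc_net = ipaddress.ip_network(acceptor["cidr"])
    if req_net.overlaps(acc_net):
        problems.append(f"CIDRs overlap: {req_net} vs {acc_net}")
    return problems

def routes_for_peering(pcx_id: str, requester: Vpc, acceptor: Vpc) -> Dict[str, Tuple[str, str]]:
    """Route table entry each side must add: VPC id -> (destination CIDR, target)."""
    return {requester["id"]: (acceptor["cidr"], pcx_id),
            acceptor["id"]: (requester["cidr"], pcx_id)}

def reachable(src: str, dst: str, peerings: Set[Tuple[str, str]]) -> bool:
    """Peering is not transitive: only a direct connection carries traffic."""
    return (src, dst) in peerings or (dst, src) in peerings

def reachable_if_transitive(src: str, dst: str, peerings: Set[Tuple[str, str]]) -> bool:
    """What an Active Directory-style transitive trust would allow; for contrast only."""
    adj: Dict[str, Set[str]] = {}
    for a, b in peerings:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, frontier = {src}, [src]
    while frontier:
        node = frontier.pop()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return False

# Constructed sample: the Prod/Dev pair from the post, a third VPC, and one with a clashing CIDR.
PROD = {"id": "vpc-prod", "cidr": "10.0.0.0/16", "region": "us-east-1"}
DEV = {"id": "vpc-dev", "cidr": "10.1.0.0/16", "region": "us-east-1"}
TEST = {"id": "vpc-test", "cidr": "10.2.0.0/16", "region": "us-east-1"}
CLASH = {"id": "vpc-clash", "cidr": "10.0.0.0/16", "region": "us-east-1"}
ACTIVE_PEERINGS = {(PROD["id"], DEV["id"]), (DEV["id"], TEST["id"])}

if __name__ == "__main__":
    print(validate_peering(PROD, CLASH))
    print(routes_for_peering("pcx-example", PROD, DEV))
    print(reachable("vpc-prod", "vpc-test", ACTIVE_PEERINGS),
          reachable_if_transitive("vpc-prod", "vpc-test", ACTIVE_PEERINGS))
```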


Posted by on August 20, 2017 in Amazon
