February 16

Fun and Games with the Platform Service Controller and vCenter in vSphere 6.5 U1

This week I had a run-in with the PSC and vCenter in vSphere 6.5 U1. I’m ashamed to admit it was really all my fault – being a bit fat-fingered and hasty in my inputting – I put a bum name in DNS, and then a bum name in the installer as well. That resulted in SSL certificate mismatches and errors…

So I seriously needed to clean out the guff I’d created and try again. There are a couple of KB articles and blog posts that cover this scenario. I found I needed to do four steps. My life was made easier by enabling SSH on all the appliances along the way – and of course switching to the “Bash” prompt after logging in.

I started the process by logging on to one of my functional PSCs using SSH….

1.) Run cmsso-util command on a functioning PSC to clean out the bum PSC and vCenter references

cmsso-util unregister --node-pnid vcnj.corp.local --username administrator@vsphere.local --passwd VMware1!

2.) Shut down the bum virtual appliances

3.) Run vdcleavefed to really clean out the bum PSC and vCenter references. Despite running cmsso-util, the ghostly remains of the failed deployment haunted the web-client – indicating they were still there… vdcleavefed allowed me to remove them properly…

/usr/lib/vmware-vmdir/bin/vdcleavefed -h psnj.corp.local -u administrator -w VMware1!

/usr/lib/vmware-vmdir/bin/vdcleavefed -h vcnj.corp.local -u administrator -w VMware1!

4.) Delete the bum virtual appliances

Note: For future reference – it was these two KB articles stitched together that helped me resolve the issue.

https://kb.vmware.com/s/article/2106736

https://kb.vmware.com/s/article/2114233

Category: vSphere
February 14

Finding the vSphere 6.5 U1 ZIP Administration Guide bundle

This week I had a need to download the official PDF guides to vSphere 6.5 U1. I like having the guides offline because Apple’s Spotlight can index them and make them available for search queries – but also if you are in a place where internet access is restricted you can use the offline docs to look up stuff.

The official landing page for documentation around vSphere is located here:

https://docs.vmware.com/en/VMware-vSphere/index.html

The documentation is available in HTML and PDF.

Recently VMware has moved all its “administration guides” online in an HTML format called “VMware Docs Home” – https://docs.vmware.com/. It is still possible to download an “offline” PDF copy as a single .ZIP file. But they have rather “tucked” it away where it’s tricky to find. If you need it – it can be found under a node called “Archive Packages”. These links download a single .ZIP file containing all the PDFs.

You can download all the vSphere documentation as a single zip file using this link, which is current as of today, 14th Feb, 2018….

https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-documentation-65u1.zip

Category: vSphere
February 11

Restoring a backup of MediaWiki to Bitnami MediaWiki

This week I had cause to restore a backup of a MediaWiki implementation to a local VM of MediaWiki. I got sent a backup of the database and the image files, and opted to use the pre-packaged Bitnami MediaWiki Virtual Appliance. Standing up the VM was a relatively easy matter – but the restore of the database took me some time to crack. I was massively assisted by the MediaWiki forums – in particular Ciencia Al Poder, who single-handedly reinvigorated my belief in community support models, and was pivotal in getting me up and running.

The Bitnami Mediawiki VM can be downloaded as an .OVA and deployed to a virtualization platform of your choice:

https://bitnami.com/stack/mediawiki/virtual-machine

1.) Record the Bitnami MediaWiki Accounts:

One thing I struggled with was locating all the logins. So I’ve brought them all together here. Both the “user” and “root” accounts share the same autogenerated password that’s printed to the console at first boot.

  • To log in to the Virtual Console – username: bitnami password: bitnami
  • To log in to the MediaWiki webpage – username: user password: console screen
  • To log in to phpMyAdmin – username: root password: console screen

Category: VMUG Wiki
October 17

Free Cisco CCNA Lab Guide (neil@flackbox.com)

My good friend, Neil Anderson, has been busy again. He’s found the time to write a free Cisco CCNA Lab Guide. Readers can use it to pass the CCNA exam or as a configuration reference for Cisco routers and switches. There are a few free guides online but they all cover old, out-of-date exam topics and aren’t great quality, which I guess isn’t surprising when they’re being given away for free. So Neil wanted to produce a guide which is more complete (350+ pages), up to date, better quality and simpler to use than all the paid guides out there, but which people can use completely for free. He also has put together a video course, but the PDF stands alone as a complete lab guide which could really help your audience further their careers.

The guide can be found over at this URL: http://www.flackbox.com/cisco-ccna-lab-guide

Category: Announcements
October 13

A word from my sponsor… Vembu

Vembu is a leading software product development company that has been focusing on Backup and Disaster Recovery software for data centers for over a decade. Its flagship offering, the BDR Suite of products, consists of VMBackup for VMware vSphere and Hyper-V, and Disk Image backups for Physical machines and Workstations. Backing up individual files and folders to physical servers and cloud can be performed with Vembu Network Backup and Online Backup respectively.

Moreover, it has multiple flexible deployment options such as on-site, off-site and to the cloud through a single user interface. Another offering of the Vembu BDR Suite is the ability to configure item level backups for Microsoft Exchange Servers, SharePoint, SQL, MySQL, Office 365, G Suite etc. The latest version, Vembu BDR Suite v3.8.0, has come out with a few notable features in two major offerings: one with unlimited features for three virtual machines, and the second able to back up unlimited virtual machines with restricted features.

Category: Announcements
September 3

VMware Foundation Update: Aquabox responds to flooding in South Asia

The UK-based charity Aquabox (which is listed as a beneficiary on the VMware Foundation) has been heavily involved with relief efforts following widespread floods in South Asia, which have killed more than 1,200 people and affected millions. The severe flooding from monsoon rains has devastated communities and destroyed crops across India, Nepal and Bangladesh, raising fears of food shortages and the risk of disease.

Since its formation in 1992, Aquabox has distributed more than 110,000 humanitarian aid boxes to countries around the world suffering from natural or man-made disasters, helping hundreds of thousands of people, and the charity has been particularly active over the past few weeks.

Within days of the floods, Aquaboxes were airlifted to those areas in dire need of support. Each Aquabox is designed for a family and contains a filter for providing safe drinking water as well as over 70 humanitarian aid items, including shelter materials and tools, blankets and sheets, cooking utensils, personal hygiene items, baby and children’s clothing, educational items and toys.

Aquabox Trustee Roger Cassidy revealed that these boxes had been held in stock in Nepal. “Sadly, the country endures disasters on a regular basis,” explained Roger. “Aquabox has long-established partnerships with Rotary Clubs in Nepal, the British Gurkha Rifles, Nepal Armed Police, Nepalese Army and other agencies, and we were able to work through these organisations to respond quickly and effectively after the floods occurred.”

Aquabox is now sending more aid to both Nepal and Bangladesh over the coming weeks to provide safe drinking water and humanitarian aid to the communities affected, but urgently needs to raise funds for these follow-up shipments and to replenish the strategic stocks held in Nepal.

If you can, please donate through the Aquabox website (www.aquabox.org), or if your company, organisation or club would like to organise a fundraising event and needs any help or advice. Of course when the time comes round again, you can always donate via the VMware Foundation too!

About Aquabox:

Aquabox is a charity affiliated to Rotary International and is based in Wirksworth, Derbyshire.  Established in 1992, Aquabox has shipped over 110,000 boxes of humanitarian aid and filters to provide safe drinking water to communities affected by man-made and natural disasters in more than 50 countries around the world.  The charity relies entirely on donations and fundraising to purchase the aid boxes and their contents. With over 70 volunteers and only one part-time paid administrator, the proportion of donations contributing directly to humanitarian aid is amongst the highest achievable.  Aquabox received the Queen’s Award for Voluntary Service in June 2016, in recognition of the contribution made by the charity and its volunteers and many supporters in helping those in need at times of crisis.

Category: Announcements
August 27

Amazon AWS: To NAT or not to NAT, That is the Question

Yes, I know. When Hamlet holds the skull… It’s not the “To be or not to be” speech… but the one about Yorick. 🙂

Acknowledgment:

I’d like to thank Tim Hynes for reviewing this blog post and giving me valuable feedback. Tim is a fellow vExpert, he is @railroadmanuk on twitter and blogs at http://virtualbrakeman.wordpress.com/

The Conceptual Stuff

I was curious about Amazon’s options to use NAT inside the VPC construct, so I decided to do some research about its merits. Before I delve into the practicalities – here’s the whys and wherefores.

Amazon recommend a NAT configuration if you have Internet facing web-servers, with backend servers that they communicate to. That statement shows how much AWS is geared around “Web Services”, although it’s fair to say that most applications these days have a web-based front-end, with an application server/database server back-end. The alternative to this NAT configuration is to merely have public/private subnets protected with Security Groups – with no NAT. In this setup a heavily secured “jumpbox” or “bastion” instance is used as the access point for those environments – this would be a very typical setup for a test/dev environment where only developers need access to whatever Amazon AWS is hosting…

To get a NAT system up and running you have two main options:

  • “NAT Instance” – The NAT runs as just another instance amongst your other instances. You can use a number of different sized instances provided by Amazon.
  • “NAT Gateway” – This service is configured in the VPC, and has features such as high availability, higher bandwidth capabilities, and less administrative overhead (this method is recommended by Amazon).

I found the NAT Instance method is very easy to set up, and the VPC wizard does a good job updating the VPC “Routing Tables” in order to make sure traffic flows in the right directions. You do, however, have to update the Security Groups around the “NAT Instance” to allow it to send and receive traffic – just like any other instance really.

The NAT Gateway method is a tiny bit trickier to set up, and critically is not a Freemium service (remember neither is the NAT Instance really). With the NAT Gateway, as you create it you associate it with one of the public subnets inside a VPC, and assign an Elastic IP to it. You do have to manually update the routing tables for the affected (or should that be afflicted?) subnets before traffic flows. The easiest thing is to set up the VPC first, so you can then attach the NAT Gateway to the appropriate public subnet. There are other ways (in terms of order of the process) to do this, but I found this the easiest way and the most logical for my brain to wrap its head round. The NAT Gateway is created within a particular “Availability Zone” (AZ) and is implemented with redundancy in mind. And I think it’s for this reason that Amazon recommends it. The NAT Gateway’s availability is set by which Public Subnet it’s associated with – so it is possible to create more than one NAT Gateway associated with multiple public subnets in different AZs. This web page contains this statement:

“If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose Internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.”

And here are some other nuggets and facts worth highlighting:

  • A NAT Gateway supports 10Gbps of bandwidth;
  • You can’t swap out the Elastic IP on an existing NAT Gateway – you have to destroy and re-create it to change the IP
  • Although you can’t wrap a Security Group around a NAT Gateway, it does support network ACLs to restrict the traffic it will pass
  • Finally, NAT Gateways cannot be used with EC2 Classic-Link. However, this is really a legacy issue and would only impact on customers who have been using Amazon AWS for some time.
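The Availability Zone statement quoted above can be turned into a check over a subnet inventory. This is an added example, not code from the original post or from AWS: the subnet, NAT gateway and AZ names are constructed, and each subnet is assumed to have a single default-route target.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subnet:
    subnet_id: str
    az: str
    default_route: str  # target of the subnet's 0.0.0.0/0 route (simplified model)


def nat_az_map(subnets, nat_gateways):
    """Map each NAT gateway id to the AZ of the public subnet it was created in."""
    az_of = {s.subnet_id: s.az for s in subnets}
    return {nat_id: az_of[subnet_id] for nat_id, subnet_id in nat_gateways.items()}


def cross_az_dependencies(subnets, nat_gateways):
    """Subnets whose default route points at a NAT gateway in a different AZ."""
    nat_az = nat_az_map(subnets, nat_gateways)
    return sorted(
        (s.subnet_id, s.default_route, nat_az[s.default_route])
        for s in subnets
        if s.default_route in nat_az and nat_az[s.default_route] != s.az
    )


def egress_lost_if_az_fails(failed_az, subnets, nat_gateways):
    """Subnets in surviving AZs that lose Internet access when failed_az is down."""
    nat_az = nat_az_map(subnets, nat_gateways)
    return sorted(
        s.subnet_id
        for s in subnets
        if s.az != failed_az and nat_az.get(s.default_route) == failed_az
    )


# Constructed layout 1: both private subnets share the NAT gateway in az-a.
SHARED_SUBNETS = [
    Subnet("subnet-pub-a", "az-a", "igw-1"),
    Subnet("subnet-pub-b", "az-b", "igw-1"),
    Subnet("subnet-priv-a", "az-a", "nat-a"),
    Subnet("subnet-priv-b", "az-b", "nat-a"),
]
SHARED_NATS = {"nat-a": "subnet-pub-a"}  # NAT gateway id -> its public subnet

# Constructed layout 2: one NAT gateway per AZ, each private subnet routed locally.
PER_AZ_SUBNETS = SHARED_SUBNETS[:3] + [Subnet("subnet-priv-b", "az-b", "nat-b")]
PER_AZ_NATS = {"nat-a": "subnet-pub-a", "nat-b": "subnet-pub-b"}

if __name__ == "__main__":
    for label, subnets, nats in (
        ("shared NAT", SHARED_SUBNETS, SHARED_NATS),
        ("NAT per AZ", PER_AZ_SUBNETS, PER_AZ_NATS),
    ):
        print(label, "cross-AZ:", cross_az_dependencies(subnets, nats))
        print(label, "lost if az-a fails:", egress_lost_if_az_fails("az-a", subnets, nats))
```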

The Practical Stuff

Category: Amazon
August 20

Amazon AWS and VPC Peering Connections

VPC Peering is the way that two VPCs with distinct CIDR spaces within the same REGION can be linked together. Whether you actually need to do this could be moot – but I can imagine a scenario where each VPC belonged to a different company within a holding group, or else you were using VPCs on a departmental basis. You could still maintain separate “root” accounts for billing purposes, as VPC peering can be set up with multiple “root” AWS user accounts. For legal reasons the VPCs might need to be separated, but there may be “natural synergies” between companies within the same group or between departments where communication is desirable or needed.

Aside: You should normally be VERY worried when management uses the term “natural synergies”, as it is a term that normally suggests two companies merging and job redundancies. Such are the euphemisms of modern employee relations!

Note: I found this Rackspace article useful especially as it outlined some of the limits around using VPC connections and some of the pitfalls of excessive VPC and VPC Peer Connections – https://blog.rackspace.com/vpc-peering-architecture-use-cases-guidance

There are two main “rules” around VPC Peer Connection in Amazon AWS. Firstly, the two VPCs to be connected together must each have their own unique CIDR. It’s not possible to VPC Peer two VPCs where they both have the same CIDR such as 10.0.x.y/16. Secondly, the VPCs can be managed by the SAME Amazon “root” account or, as I said a moment ago, DIFFERENT Amazon “root” accounts. If it is the latter, then the two “root” administrators of the VPCs would have to work together as credentials are needed on both sides.

I see this as being a lot like the “trust” relationships we used to make manually in the not so good old days of Windows NT4 (God, how that ages me!). However, if you are of my generation you might remember that before “Active Directory” those trust relationships were not transitive. So just because VPC1 connects to VPC2 and VPC2 connects to VPC3, it does NOT follow that VPC1 can communicate to VPC3. So the VPC Peering Connections do not flow from one VPC seamlessly to another.

The VPC Peering wizard creates a “PCX” target that can be referenced in the routing tables to allow communication to pass from one VPC to another. When using the VPC wizard one side of the relationship between the VPCs acts as the “Requester”, and the opposite side acts as the “Accepter”. The communication is automatically two-way so there’s no need to create the VPC Peering Connection twice. If you are making the VPC Peering Connection between two VPCs under the SAME Amazon “root” account you merely select two different VPCs – as you are both the “Requester” and “Accepter” at the same time.

So in the screen grab below the “Requester” is my VPC called “Prod” using 10.0.x.y/16 as the CIDR, and the “Accepter” is my VPC called “Dev” with the CIDR of 10.1.x.y/16. The fields are completed by merely browsing the VPC metadata queried using the currently used “root” account.
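The two peering rules and the PCX routing described above can be modelled in a few lines. This is an added example, not code from the original post or from AWS: it is a simplified model, the third VPC “Test” (10.2.0.0/16), the “Clone” VPC and the pcx ids are constructed, and it assumes each side needs its own route through the PCX for traffic to flow both ways.

```python
import ipaddress
from itertools import count


class PeeringModel:
    """Simplified model of VPC peering: unique CIDRs and non-transitive routing."""

    def __init__(self, vpcs):
        self.cidr = {name: ipaddress.ip_network(c) for name, c in vpcs.items()}
        self.pcx = {}                              # pcx id -> (requester, accepter)
        self.routes = {name: [] for name in vpcs}  # vpc -> [(destination, pcx id)]
        self._ids = count(1)

    def peering_allowed(self, a, b):
        """Rule 1: the two VPCs must not have overlapping CIDR blocks."""
        return not self.cidr[a].overlaps(self.cidr[b])

    def peer(self, requester, accepter):
        if not self.peering_allowed(requester, accepter):
            raise ValueError(f"{requester} and {accepter} have overlapping CIDRs")
        pcx_id = f"pcx-{next(self._ids):04d}"
        self.pcx[pcx_id] = (requester, accepter)
        return pcx_id

    def add_route(self, vpc, dest_cidr, pcx_id):
        if vpc not in self.pcx[pcx_id]:
            raise ValueError(f"{vpc} is not an endpoint of {pcx_id}")
        self.routes[vpc].append((ipaddress.ip_network(dest_cidr), pcx_id))

    def _deliver(self, src, dst_ip):
        """Return the VPC that receives dst_ip sent from src, or None if dropped."""
        ip = ipaddress.ip_address(dst_ip)
        for dest, pcx_id in self.routes[src]:
            if ip in dest:
                a, b = self.pcx[pcx_id]
                far_end = b if src == a else a
                # Rule 2: a PCX only delivers to addresses the far-end VPC owns.
                if ip in self.cidr[far_end]:
                    return far_end
        return None

    def can_talk(self, src, src_ip, dst_ip):
        """Two-way check: the request arrives and the reply finds its way back."""
        far_end = self._deliver(src, dst_ip)
        return far_end is not None and self._deliver(far_end, src_ip) == src


def build_demo():
    m = PeeringModel({"Prod": "10.0.0.0/16", "Dev": "10.1.0.0/16", "Test": "10.2.0.0/16"})
    prod_dev = m.peer("Prod", "Dev")
    dev_test = m.peer("Dev", "Test")
    m.add_route("Prod", "10.1.0.0/16", prod_dev)
    m.add_route("Dev", "10.0.0.0/16", prod_dev)
    m.add_route("Dev", "10.2.0.0/16", dev_test)
    m.add_route("Test", "10.1.0.0/16", dev_test)
    # Attempted transitive routes through Dev: accepted as routes, but dropped in transit.
    m.add_route("Prod", "10.2.0.0/16", prod_dev)
    m.add_route("Test", "10.0.0.0/16", dev_test)
    return m


if __name__ == "__main__":
    m = build_demo()
    print("Prod <-> Dev :", m.can_talk("Prod", "10.0.0.10", "10.1.0.10"))
    print("Dev  <-> Test:", m.can_talk("Dev", "10.1.0.10", "10.2.0.10"))
    print("Prod <-> Test:", m.can_talk("Prod", "10.0.0.10", "10.2.0.10"))
```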

Category: Amazon
August 3

Vembu BDR Suite v3.8: What’s New?

Vembu has released a new version of their BDR Suite (Version 3.8) with a whole host of new features – here’s a round-up!

Disk Image Backup from BDR Server

Disk Image Backups can now be configured and managed via Vembu BDR Server. Relying on proxy agents is no longer required, unless it’s a distributed deployment which requires individual proxy agent installation.

FLR from GUI (Backup & Replication)

File Level Recovery (FLR) is now available for both backup and replication jobs, where the user can choose specific files and folders from VMware/Hyper-V/Disk Image backups and VMware replication to be restored in a quick fashion.

Seed load backup data to OffsiteDR

Storing a copy of backup data for DR requirements is now an easy task to accomplish by seed loading backup server data to the desired offsite data center. This saves loads of time and bandwidth from being consumed.

Auto Authorization

Enabling Auto authorization in Vembu BDR allows proxy agents to get registered to the backup server using a unique registration key generated by the respective BDR server.

Encryption Settings

Users can now provide additional security to their disk based backup jobs by assigning custom-password to backup server, such that all their backup data will be encrypted and can be restored/accessed only by providing the custom-password.

Storage Pooling

Storage Pools are used to aggregate the space available from different volumes and utilise them as storage for specific backups. The hybrid volume manager of Vembu BDR Server supports scalable and extendable backup storage for different storage media such as Local drives, NAS (NFS and CIFS) and SAN (iSCSI and FC). Vembu BDR provides a storage pooling option at both backup level and group level.

MSI Installer: For all Clients

Users will now also get the client agents installer in .msi format. The installer will check for the following packages based on the OS type (32 bit or 64 bit) and it will install the following (if not installed previously):

  • Visual C++ 2008 redistributable packages x86
  • Visual C++ 2008 redistributable packages x64
  • Visual C++ 2013 redistributable packages x64
  • Visual C++ 2015 redistributable packages x86

Category: Announcements
August 1

We’re off to see the Wizard, the Wonderful Wizard of AWS

Note: Just to say this title is meant to be a humorous and silly pun. I actually think the Amazon wizards in the main are pretty good, and in fact pretty invaluable.

Acknowledgement: I’d like to thank vExpert, James Kilby, for reviewing this blog post prior to publication. You can follow James on twitter at https://twitter.com/jameskilbynet and he blogs at https://www.jameskilby.co.uk/

In my previous blog post I was writing about how important planning stuff upfront in any cloud environment is. Not just because this is a good practice in system design, but because so many cloud environments are resistant to the kind of arbitrary ad-hoc SysAdmin changes that could be so easily done to fix a problem in an on-premises virtualization platform. In this post I’m turning my attention to something less highfalutin and more down in the weeds.

When I was working my way through the PluralSight SysOps Admin training I was following the demos with my Amazon AWS Console open. Mainly playing “spot the differences”. Let me make something clear – the Pluralsight training is pretty good and an excellent foundation to getting stuck in and learning more. I believe it’s going to get harder and harder to keep ALL training materials up to date and current. Cloud environments are almost naturally more “agile” (hateful word – sorry I have a thing against the way our industry brutalizes my native tongue). This means it’s really hard for training materials and guides to keep track. It’s partly the reason I’ve abandoned the whole step-by-step tutorials that I did in the past. I will leave that work to the big boys – like Amazon/Microsoft/Google as they have far more resources and time. But my plan was always to go back through my notes on the course (48 pages!) to both revise what I learned and inspire new blogging content – but also to go back and research those differences I’d noted. I didn’t do that there and then whilst the video rolled. It would have slowed up my pace of the training. But now I feel I have the time to check those out.

To wit: one thing I noticed is that when you create a VPC in Amazon AWS using the wizard you get some new options that the Pluralsight videos didn’t dwell on or mention. Incidentally, as a rule I despise wizards, however in the context of Amazon AWS I would recommend them. They often automate many tasks, and thus meet certain dependencies – and speed up the process of setup (unless you decide to go down the scripting route). I think the key with the Amazon AWS wizard is understanding exactly what is being automated, and where those settings reside. This reduces the feeling that it’s the “Wizard of Oz” pulling strings behind a curtain, with you being clueless on what he’s up to. The other thing I would recommend is that if there are 4 different routes through a wizard – go through it four times. The best way to learn a technology is to expose yourself to the reality, rather than the theory. When I was a Microsoft Certified Trainer in the ‘90s, there was an awful lot of “you can do this configuration” but then it was never gone through. One way I expanded my knowledge at the time was actually trying these “theoretical configurations” – you certainly learned that often you can do something, but it often comes with major dental work, to replace all the teeth you lost putting it together…

So… less pre-amble, more amble. Here’s a screengrab of the VPC wizard from PluralSight…

Category: Amazon