Apache Struts 2 vulnerability and vCenter

News came out last week about the Apache Struts 2 vulnerability. There are numerous products affected by this vulnerability, but on the VMware side you have Horizon DaaS, vCenter, VROps and Hyperic. This is listed as a Critical severity.

On the vCenter side, this is for the virtual appliance and the Windows version of vCenter for 6.0.x and 6.5.

The question came up: is it a specific build of vCenter 6.0.x? If you look at KB 2149434, it lists 6.0.x. There is no 6.1 version of vCenter. VMware vCenter 6.0 only has updates 1 through 3. VMware went directly from 6.0.x to 6.5. VMware only has a workaround for now until they come out with a patch.

Storage adapter best practices and Tintri

I recently had a coworker come to me with a stack of articles on configuring adapters for storage arrays. He is new to Tintri and didn’t know about the best practice feature added in to the web plugin.

Did you know that the web plugin has a feature to set the best practices for each host connected to Tintri storage? Once your storage is mounted to a host, you can apply the best practices to the host. This is not a new feature; it has been around for a while and works with all models of Tintri storage. It is just not common to see vendors offer such a feature. Most often when you get one of the big storage vendors, it requires consulting hours to fine tune the array and hosts connected.

Page 12 of the admin guide explains how it works. In later 2.x versions the function may move around in the web client.

Dell vCenter Management plugin 1.7 and server iDRAC updates error

If you run iDRAC updates on your VMware hosts, you might run into this error with the Dell Management plug-in for VMware vCenter: “Fail – Unable to contact iDRAC. Check iDRAC credentials and network connectivity”.

I ran in to this when upgrading the iDRAC from 2.30.30 to 2.40.40. I was able to log in to the iDRAC directly and ping the iDRAC from the Dell virtual appliance. The Dell vCenter plugin was the only thing that could not log on to the host iDRAC. The issue turned out to be located in the iDRAC settings under network/services. The web server needs to be set to TLS 1.0.

Unfortunately the Dell OMI only works with 1.0, but they hope to have it upgraded in the future.

So your option is to change the TLS settings in the iDRAC or leave your iDRAC firmware lower than 2.40.40.
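
A quick way to confirm which protocol versions the iDRAC web server is accepting, before and after changing the setting under network/services. This is an added example, not part of the original post and not Dell tooling; the address in the usage lines is a placeholder, and certificate validation is skipped because only the protocol version is being tested.

```python
import socket
import ssl
import warnings

# Protocol versions to try, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}


def probe(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to a single TLS version."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # network problem, not a TLS problem
    with raw:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            # Protocol probe only: certificate checks are switched off
            # (assumption: the iDRAC presents a self-signed certificate).
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            # OpenSSL 3 only negotiates TLS 1.0/1.1 at security level 0.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx.minimum_version = version
                ctx.maximum_version = version
        except (ValueError, ssl.SSLError):
            return "client-unsupported"  # local OpenSSL cannot offer it
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "accepted (" + tls.version() + ")"
        except (ssl.SSLError, OSError):
            return "rejected"  # handshake failed or timed out


def probe_all(host, port=443):
    """Return {version name: result} for one host and port."""
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder for the iDRAC address.
    for name, result in probe_all("192.0.2.10").items():
        print(name, result)
```

A "rejected" result for TLSv1.0 alongside "accepted" for TLSv1.2 matches the situation described above, where the plugin fails while a browser login still works. A local crypto policy on the probing machine can also block TLS 1.0, so run it from a host whose OpenSSL still offers that version.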

My thoughts on VMworld 2016

It was great to have the opportunity to visit VMworld again this year and connect with old friends and new ones. This year’s VMworld was held in Las Vegas. I have to say that I prefer this location over San Francisco. There are many more entertainment options available than in San Francisco. Repeat visitors to VMworld know what I am talking about. I think I did everything in San Francisco the first couple of years I attended the conference. Vegas just has much more to offer in the city. The venue at Mandalay Bay was very nice, but I liked it more when it was at the Venetian. Plus the hotel rooms are not $500 a night with shared bathrooms like San Francisco.

But VMworld is not really about having a work vacation. The content VMworld provides is the best. The solutions exchange, sessions and labs are fantastic. This year seemed to have many new vendors on the floor. I think the newest product I saw that interested me was from RuneCast. I’m surprised they did not win any awards. They have an analyzer product you should download and try out. This year on the solutions exchange floor it did not feel like everything was about public cloud products. There was a good mix of options for enterprise environments.

Of course it was great to see the guys from Tintri and Dell. Although, Dell was really lacking on the equipment side. They mentioned the Compellent array was lost in shipping. We were hoping to see some of the newer controllers. I also have to say thank you to our local UDI team for sticking with us for a couple of days.

I dropped by the education center during the conference and learned that the VCAP6-DCV Deploy exam had been released a couple of days prior to the conference. I have been waiting for this one for some time to become VCIX6-DCV. Now I just need to learn all that command line stuff for VSAN and pony up that $400 for the exam.

I usually don’t like to talk about negative things, but I have to mention that I stopped by the expert bar in the solutions exchange to get some answers on upgrading 5.5 to 6.x. The person who was an expert on vSphere mentioned that I should upgrade to vSphere 6.2. I said “6.2, when did that come out?”. He said “it’s been out for a few months, I’m surprised you have not heard about it”. I said “wow, I’m really out of touch, I didn’t even know about 6.1”. Turns out, the latest release is 6.0 update 2. Maybe the guys at the expert booth were just tired from talking all day. Do they get breaks?

Will I go back next year? Possibly. I just hope it will be in Vegas again.

 

How many people hold VMware certifications?

This is an interesting map VMware created to show how dispersed VMware certifications are across the world…

http://blogs.vmware.com/education/2015/12/where-in-the-world-are-vcps-infographic.html

http://blogs.vmware.com/education/2016/04/where-in-the-world-are-vcaps-infographic.html

 

 

 

Skype for Business on vSphere

Is it supported? That is an interesting question if you ask a Microsoft consulting company. You might just get a mixed bag of answers. The goal of a Microsoft consulting company is to push HyperV. Lync and Skype for Business are absolutely supported on VMware hypervisors. It falls under the “Server Virtualization Validation Program” from Microsoft. UC products like Skype and Lync do not fall under the same restrictions as Exchange when it comes to the storage platform. Microsoft will not support Exchange if it is on NFS storage (even though the same conditions for the restrictions exist in SMB3). There are no known restrictions on storage platform for Lync or Skype.

The design considerations in the “Planning a Lync Server 2013 Deployment on Virtual Servers” guide are all geared towards HyperV. VMware took up issues with this article (detailed here) and asked why Microsoft never created a validation document for VMware (clearly a market leader). To date, there still has not been a document published by Microsoft, and I do not expect them to publish a favorable article for a competing product. As far as designing your environment, do use the guidelines listed by Microsoft, but pay no attention to the restrictions on HyperThreading and memory sharing. There is not a good technical justification from Microsoft to disable these options when using VMware products.

I work in an environment where I have a multi pool global Skype deployment for 5,000 users and a US pool for 5,000 users all running on vSphere. I have not had any hypervisor related issues and I’ve never had issues with Microsoft support when it comes to having the platform on VMware products.

Don’t be persuaded that vSphere is not the best platform for Skype or Lync. I’ve heard comments like “so you’ve chosen the most expensive and complex product for your environment” or “you are not guaranteed to get support from Microsoft if you have issues in your environment”. That last statement would be somewhat true if the environment was poorly designed. Just make sure your design considerations fall within Microsoft guidelines.

 

 

 

 

VMware ROBO license usage

The VMware ROBO license model was announced last year. Since the announcement, it was very difficult to get any clear information on how you actually use ROBO licenses. The licenses are sold in 25 packs and the keys are licensed “per site”. I called support to get a definition of what “per site” meant. Was it a location, a data center, a cluster or a host? Support really couldn’t help; they only concluded that a site was a physical location.

The most difficult part of testing ROBO licenses is that there is no trial license, not even vExperts get a ROBO key.

I recently had an opportunity to deploy two separate data centers with ROBO keys. When VMware says a key must be licensed per site, that means the key you purchase must be used in one location, just like you would with any other product key. But the ROBO keys can be split up for the number of virtual machines you need to run in each location, just like an enterprise or enterprise plus key can be broken up into how many host sockets you need to license.

Let’s say you have two different data centers with a requirement to run 10 virtual machines in one data center and 15 in another data center. You would log in to your VMware license portal at VMware.com and divide or combine your ROBO licenses to the amount you need for each key. You can do the same for vSphere Enterprise keys based on how many hosts you want to license. These license keys are then applied to each host. The license key keeps track of how many powered on virtual machines you have based on the ROBO license key applied to each host. So, you can have 10 hosts in one data center with a ROBO key for 10 virtual machines (but you must purchase the keys in 25 packs). That is a big cost savings vs purchasing licenses for each socket in each host. Imagine having 10 hosts with quad 16 core processors and only having to license based on the number of virtual machines you are running. I think VMware’s intention for this license model was meant for remote branch offices, but I have not found anything that says it cannot be used in a primary data center.

VMware has ROBO standard and advanced. Both have the same features you would expect to see in the host licenses for Enterprise and Enterprise Plus. After you install the license key in the host, it looks something like this:

ROBO key1

You then get a layout of the license key information:

ROBO key2

If you do have a remote branch that uses 25 virtual machines and you need to license the 26th, you then purchase a 25 pack of licenses. You would then combine your two 25 packs of licenses for one key of 50 licenses. You would then divide that key in to 26 and 24. That 26 key would then replace your existing key.

 

Where is the VCIX6-DCV exam?

With much cheering and confusion, the VCIX exams were announced last February.

http://blogs.vmware.com/education/2015/03/migration-paths-v5-certification-v6.html

Current VCAPs wondered, “what do I need to upgrade?”. The upgrade path for current VCAP-DCA and VCAP-DCD holders seems clear enough in the link above.

Where is the exam? Well, VMware education released the VCIX-NV right away. There is still no definite date when the VCIX6-DCV will be released. This is the word I received from VMware education:

“I would like to inform you that VMware is in process of releasing VCP6-DCV Exam now, so after this VCIX6-DCV Exam should be released. Please note that, as of now we do not have exact date of the release or the update, most probably it should be released by the end of the year. Please go through our website blog.vmware.com for the upcoming updates.”

I really had high hopes that the exams would be released in time for VMworld 2015, but it looks like more towards the end of the year. I would say to anyone who has been thinking of holding off on taking the VCAP-DCD or DCA, go ahead and take the exams now.

VMware has provided a link that you can sign up for notifications for the exam release. http://t.co/Q51DTBSjM2

VCAP5-DCD : a pass is a pass

So I sat the exam 5/6/15, for the 4th time I think. I tried once when the VCAP-DCD 4 came out in 2011, I tried once on ver 5.1 in 2012 and once with the latest 5.5 exam at the last VMworld (which ended in a crashed exam). Each time I got within 10 to 20 points from passing. Each time I took the exam it was years apart. I had scheduled the exam maybe 3 other times, but had to cancel for various reasons. All of the material I know, I think for me personally I just had personal life events and tremendous workloads that got in the way of my focus to pass the exam. Each time I did not pass I took to the forums to rant about how oddly the questions were worded. I don’t think that has changed. One thing I struggled with was figuring out the vision of the answers in the exam. From what I gather, a room full of VCDX’s came up with the questions. They structured these vague questions in a manner to where one (or some) of the answers are correct. I tried to envision what they may be looking for. Almost all of the questions seem debatable, which leaves room for mistakes if you don’t put on a VCDX hat.

I can’t say the exam is any easier, I just took my time studying over a few months. I am familiar with all of the terms, it was more like a review. There is no one source you can turn to that will help you pass the exam. The blueprint is a guide that will reference all types of documents. The VMware design workshop will not give you 100% of what you need to pass the exam either, but it will help if you are just getting started with design. This is not an exam that you can just pick up a book and read. It will take some real world experience to conquer this exam.

The things that helped me?

– Of course Jason Grierson’s exam engine over at http://www.virtualtiers.net. This will give you a great understanding of what VMware is looking for when you do the design questions. The site is still a work in progress, but you get the feel for the design and drag & drop questions. Read through his study guide at the end as well. There are some really good topics for the exam. Especially helpful is the NIOC exercise to help you structure host limits, adapter shares and share values. If you see this guy at VMworld, buy him a beer!

– I have Scott Lowe’s design 2nd edition book. That does help. It is a design book to get you thinking about VMware design in general. A lot of the exam topics are covered in the book, but it doesn’t give you a translation into how VMware will word the exam questions based on his material. It’s really up to you to pick out key terms.

– I listened to the vBrownBag VCAP-DCD podcasts every day on my way in to work. If you have time to kill on your commute, listen to them.

– The google+ community is a real help. Scroll through some of the material, you may find some golden nuggets in there.

– There is a set of great videos from Scott Lowe on Pluralsight that I have been watching. It is the Designing VMware Infrastructure course. It is from 2012, but it has the core parts of the DCD exam. I just wish there was a refreshed series that covered all of the products in the exam blueprint like VSA, VSAN, SRM, HeartBeat and others.

– I have my own set of links on my site also that I use.

Really, you have to find your favorite study guide that is out there. I have seen some that break down the blueprint into multiple links. I can’t tell you how many times I started to do that, but it gets so long.

I took the exam around 11AM. I was lucky and got a testing center that had the monitor facing a wall. I hate the exam centers where you have to see someone over your monitor or have distracting things all around you. I did all of the design questions first and marked all of the others for review. I was left with 80 minutes (I think) to go back and finish everything up. At the end I was left with 10 or 15 minutes. I went back to review some of the weirdest questions I had ever seen. I decided to stick with my answers and scored a 306. A pass, is a pass, is a pass.

So what now? Well, for starters I need to update all my email signatures. At some point this summer I will shoot for the VCAP-DCA once ver 6 comes out. Will the certification mean more money in the role I am in? Probably not, but who knows what opportunities could be on the horizon.

 
