Dell vCenter Management plugin 1.7 and server iDRAC updates error

If you run iDRAC updates on your VMware hosts you might run in to this error with the Dell Management plug-in for VMware vCenter. “Fail – Unable to contact iDRAC. Check iDRAC credentials and network connectivity”.

capture3

 

 

 

 

 

I ran in to this when upgrading the iDRAC from 2.30.30 to 2.40.40. I was able to log in to the iDRAC directly and ping the iDRAC from the Dell virtual appliance. The Dell vCenter plugin was the only thing that could not log on to the host iDRAC. The issue turned out to be located in the iDRAC settings under network/services. The web server needs to be set to TLS 1.0.

capture4

 

 

 

 

 

Unfortunately the Dell OMI only works with 1.0, but they hope to have it upgraded in the future.

So your option is to change the TLS settings in the iDRAC or leave your iDRAC firmware lower than 2.40.40.

My thoughts on VMworld 2016

It was great to have the opportunity to visit VMworld again this year and connect with old friends and new ones. This years VMworld was held in Las Vegas. I have to say that I prefer this location over San Francisco. There are many more entertainment options available over San Francisco. Repeat visitors to VMworld know what I am talking about. I think I did everything in San Francisco the first couple of year I attended the conference. Vegas just has much more to offer in the city. The venue at Mandalay Bay was very nice, but I liked it more when it was at the Venetian. Plus the hotel rooms are not $500 a night with shared bathrooms like San Francisco.

But VMworld is not really about having a work vacation. The content VMworld provides is the best. The solutions exchange, sessions and labs are fantastic. This year seemed to have many new vendors on the floor. I think the newest product I saw that interested me was from RuneCast. I’m surprised they did not win any awards. They have a analyzer product you should download and try out. This year on the solutions exchange floor it did not feel like everything was about public cloud products. There was a good mix of options for enterprise environments.

Of course it was great to see the guys from Tintri and Dell. Although, Dell was really lacking on the equipment side. They mentioned the Compellent array was lost in shipping. We were hoping to see some of the newer controllers. I also have to say thank you to our local UDI team for sticking with us for a couple of days.

I dropped by the education center during the conference and learned that the VCAP6-DCV Deploy exam had been released a couple of days prior to the conference. I have been waiting for this one for some time to become VCIX6-DCV. Now I just need to learned all that command line stuff for VSAN and pony up that $400 for the exam.

I usually don’t like to talk about negative things, but I have to mention that I stopped by the expert bar in the solutions exchange to get some answers on upgrading 5.5 to 6.x. The person who was an expert on vSphere mentioned that I should upgrade to vSphere 6.2. I said “6.2, when did that come out?”. He said “it’s been out for a few months, I’m surprise you have not hear about it”. I said “wow, I’m really out of touch, I didn’t even know about 6.1”. Turns out, the latest release is 6.0 update 2. Maybe the guys at the expert booth were just tired from talking all day. Do they get breaks?

Will I go back next year? Possibly. I just hope it will be in Vegas again.

 

How many people hold VMware certifications?

This is an interesting map VMware create to show how dispersed VMware certifications are across the world…

http://blogs.vmware.com/education/2015/12/where-in-the-world-are-vcps-infographic.html

http://blogs.vmware.com/education/2016/04/where-in-the-world-are-vcaps-infographic.html

 

 

 

Skype for Business on vSphere

Is it support? That is an interesting question if you ask a Microsoft consulting company. You might just get a mixed bag of answers. The goal of a Microsoft consulting company is to push HyperV.  Lync and Skype for Business are absolutely supported on VMware hypervisors. It falls under the “Server Virtualization Validation Program” from Microsoft. UC products like Skype and Lync do not fall under the same restrictions as Exchange when it comes to the storage platform. Microsoft will not support Exchange if it is on NFS storage (even though the same conditions for the restrictions exist in SMB3). There is no known restrictions on storage platform for Lync or Skype.

The design considerations in the “Planning a Lync Server 2013 Deployment on Virtual Servers” guide are all geared towards HyperV. VMware took up issues with this article (detailed here) and asked why Microsoft never created a validation document for VMware (clearly a market leader). To date, there still has not been a document published by Microsoft, and I do not expect them to publish a favorable article for a competing product. As far as designing your environment, do use the guidelines listed by Microsoft, but pay not attention to the restrictions on HyperThreading and memory sharing. There is not a good technical justification from Microsoft to disable these options when using VMware products.

I work in an environment where I have a multi pool global Skype deployment for 5,000 users and a US pool for 5,000 users all running on vSphere. I have not had any hypervisor related issues and I’ve never had issues with Microsoft support when it comes to having the platform on VMware products.

Don’t be persuaded that vSphere is not the best platform for Skype or Lync. I’ve heard comments like “so you’ve chosen the most expensive and complex product for your environment” or “you are not guaranteed to get support from Microsoft if you have issues in your environment”. That last statement would be somewhat true if the environment was poorly designed. Just make sure your design considerations fall within Microsoft guidelines.

 

 

 

 

VMware ROBO license usage

VMware ROBO license model was announced last year. Since the announcement, it was very difficult to get any clear information on how you actually use ROBO licenses. The licenses are sold in 25 packs and they keys are licensed “per site”.  I call support to get a definition of what “per site” meant. Was it a location, a data center, a cluster or a host? Support really couldn’t help, they only concluded that a site was a physical location.

The most difficult part of testing ROBO licenses is that there is no trial license, not even vExperts get a ROBO key.

I recently had an an opportunity to deploy two separate data centers with ROBO keys. When VMware says a key must be licensed per site, that means the key you purchase must be used in one location, just like you would with any other product key. But, the ROBO keys can be split up for the number of virtual machines you need to run in each location, just like an enterprise  or enterprise plus key can be broken up in to how many host sockets you need to license.

Lets say you have two different data centers with a requirement to run 10 virtual machines in one data center and 15 in another data center. You would log in to your VMware license portal at VMware.com and divide or combine your ROBO licenses to the amount you need for each key. You can do the same for vSphere Enterprise keys based on how many hosts you want to license. These license keys are then applied to each host. The license key keeps track of how many powered on virtual machines you have based on the ROBO license key applied to each host. So, you can have 10 hosts in one data center with a ROBO key for 10 virtual machines (but you must purchase the keys in 25 packs). A big cost savings vs purchasing licenses for each socket in each host. Imagine having 10 hosts with quad 16 core processors and only having to license based on the number of virtual machines you are running. I think VMware’s intention for this license model was meant for remote branch offices, but I have not found anything that says it cannot be used in a primary data center.

VMware has ROBO standard and advanced. Both have the same features you would expect to see in the host licenses for Enterprise and Enterprise Plus. After you install the license key in the host, it looks something like this:

ROBO key1

You then get a layout of the license key information:

ROBO key2

If you do have a remote branch that uses 25 virtual machines and you need to license the 26th, you then purchase a 25 pack of licenses. You would then combine your two 25 packs of licenses for one key of 50 licenses. You would then divide that key in to 26 and 24. That 26 key would then replace your existing key.

 

Where is the VCIX6-DCV exam?

With much cheering and confusion, the VCIX exams were announced last February.

http://blogs.vmware.com/education/2015/03/migration-paths-v5-certification-v6.html

Current VCAPs wondered, “what do I need to upgrade?”. The upgrade path for current VCAP-DCA and VCAP-DCD holders seems clear enough in the link above.

Where is the exam? Well, VMware education released the VCIX-NV right away. There is still no definite date when the VCIX6-DCV will be released. This is the word I received from VMware education:

“I would like to inform you that, VMware is in process of releasing VCP6-DCV Exam now, so after this VCIX6-DCV Exam should be release. Please note that, as of now we do not have exact date of the release or the update, most probably it should be release by the end of the year. Please go through our website blog.vmware.com for the upcoming updates.”

I really had high hopes that the exams would be released in time for VMworld 2015, but it looks like more towards the end of the year. I would say to anyone who has been thinking of holding off on taking the VCAP-DCD or DCA, go ahead and take the exams now.

VMware has provided a link that you can sign up for notifications for the exam release. http://t.co/Q51DTBSjM2

VCAP5-DCD : a pass is a pass

So I sat the exam 5/6/15, for the 4th time I think. I tried once when the VCAP-DCD 4 came out in 2011, I tried once on ver 5.1 in 2012 and once with the latest 5.5 exam a the last VMworld (which ended in a crashed exam). Each time I got within 10 to 20 points from passing. Each time I took the exam it was years apart. I had schedule the exam maybe 3 other times, but had to cancel for various reasons. All of the material I know, I think for me personally I just had personal life events and tremendous workloads that got in the way of my focus to pass the exam. Each time I did not pass I took to the forums to rant about how oddly the questions were worded. I don’t think has changed. One thing I struggled with was figuring out the vision of the answers in the exam. From what I gather, a room full of VCDX’s came up with the questions. They structured these vague questions in a manner to where one (or some) of the answers are correct. I tried to vision what they may be looking for. Almost all of the questions seem debatable, which leaves room for mistakes if you don’t put on a VCDX hat.

I can’t say the exam is any easier, I just took my time studying over a few months. I am familiar with all of the terms, it was more like a review. There is no one source you can turn to that will help you pass the exam. The blueprint is a guide that will reference all types of documents. The VMware design workshop will not give you 100% of what you need to pass the exam either, but it will help if you are just getting stared with design. This is not an exam that you can just pick up a book and read. It will take some real world experience to conqueror this exam.

The things that helped me?

– Of course Jason Grierson’s exam engine over at http://www.virtualtiers.net. This will give you a great understanding of what VMware is looking for when you do the design questions. The site is still a work in progress, but you get the feel for the design and drag & drop questions. Read through his study guide at the end as well. There are some really good topics for the exam. Especially helpful is the NIOC exercise to help you structure host limits, adapter shares and share values. If you see this guy at VMworld, buy him a beer!

– I have Scott Lowe’s design 2nd edition book. That does help. It is a design book to get you thinking about VMware design in general. A lot of the exam topics are covered in the book, but it doesn’t give you an translation into how VMware will word the exam questions based on his material. It’s really up to you to pick out key terms.

– I listened to the vBrownBag VCAP-DCD podcasts every day on my way in to work. If you have time to kill on your commute, listen to them.

– The google+ community is a real help. Scroll through some of the material, you may find some golden nuggets in there.

– There is a set of great videos from Scott Lowe on Pluralsight that I have been watching. It is the Designing VMware Infrastructure course. It is from 2012, but it has the core parts of the DCD exam. I just wish there was a refreshed series that covered all of the products in the exam blueprint like VSA, VSAN, SRM, HeartBeat and others.

– I have my own set of links on my site also that I use.

Really, you have to find your favorite study guide that is out there. I have seen some that break down the blueprint into multiple links. I can’t tell you how many times I started to do that, but it gets so long.

I took the exam around 11AM. I was lucky and got a testing center that had the monitor facing a wall. I hate the exam centers where you have to see someone over your monitor or have distracting things all around you. I did all of the design questions first and marked all of the other for review. I was left with 80 minutes (I think) to go back and finish everything up. At the end I was left with 10 or 15 minutes. I went back to review some of the weirdest questions I had ever seen. I decided to stick with my answers and scored a 306. A pass, is a pass, is a pass.

So what now? Well, for starters I need to update all my email signatures. At some point this summer I will shot for the VCAP-DCA once ver 6 comes out. Will the certification mean more money in the role I am in? Probably not, but who knows what opportunities could be on the horizon.

 

vcap5-dca_logo_sm2

Discussing Auto Deploy dependencies

In studying for the VCAP-DCD exam (objective 2.2 – Map Service Dependencies in the VDCD550 exam blueprint), I noticed a few comments on the Google+ community about what exactly is the dependency mapping of VMware Auto Deploy. Specifically, Active Directory, DNS and PowerCLI.

Yes, it is true, you can have an environment with no Active Directory by using the VMware built in accounts like “administrator@vSphere.local”. And, you could forgo DNS by using host files. No where in the Auto Deploy setup guide does it mention a requirement for Active Directory, only that administrative rights are given to Auto Deploy. DNS is mentioned in the Auto Deploy “proof of concept” setup. Nearly all setup guides include DNS configurations. The configuration calls for you to make a static DNS record (to avoid DNS scavenging I assume) and a DHCP reservation for the IP address of the host. DHCP is required, but DNS could still be replaced by host files (yuk).

host files YUK

You will be hard pressed to find any VMware document on Auto Deploy that says “this is required” and “this is optional”. There is no product map for dependencies.

Think of it like this. If I gave you a task to get a car running and I laid out some parts for you. An engine, windshield wipers, transmission, starter, battery, wheels, ignition and some bucket seats. If you were in a hurry and you see all of these parts, you would put everything together. All I tasked you with was to get the car running, I didn’t say it was going anywhere. What would be required? Most likely the engine, battery, starter and ignition. Windshield wipers, wheels, transmission and bucket seats are not required to start the car. If I start listing crazy stuff like truck nuts, ejection seats or flame paint job, you would know to disregard those because they are not relevant to a car going anywhere. I know it is a timed exam, but slow down and read what is being asked.

Sitting at an exam, who really thinks in terms of non-enterprise environments? You need to think in the realm of any possibility. I guess in any situation there could be the very most complex, administrative overhead process for deploying a product. And there could be the simplest, least management option. You could be designing something for a small dentist office or a global data center for PayPal. Even in those small offices, it is now possible for them to purchase ROBO advanced edition licenses to get host profiles instead of purchasing Enterprise Plus licenses.

I myself do not know of any environments utilizing VMware Auto Deploy, I would think there are even less using host files. But then, I am not a consultant and have not seen everything. I supposed if it is possible for an environment to use host files on every server it might be possible the environment is full of Wal-Mart Lindows machines and Windows 95.

The only way to get truly familiar with Auto Deploy dependencies is to deploy it. I am by no means the “Auto Deploy Master”. I do not use it. I’m a fan of SD cards (not usb sticks) in production. Below is the setup I will go through in order to map the required dependencies for Auto Deploy in vSphere 5.5. We will see the items “required” and “not required”. This is not meant to be a step by step procedure to install Auto Deploy, I am just going over dependencies. The lab I will be working with is bare bones for what is “required”. If you would like to see the setup and configuration procedure, please visit this link.

A few things that are “required” to get started with the the Auto Deploy setup will be vCenter, a TFTP server and DHCP (options 66 and 67). We will also need to configure the hosts to PXE boot. For this lab, I will be using nested ESXi servers to boot.

I have to say, this is the first time I have ever deployed vCenter on a non domain joined server. I will be setting up DHCP on a Windows 2012 R2 server and TFTP with Win agents TFTP server.

AutoD01 - VC workgroup

 

You will get a warning during the setup of vCenter that you are not joined to the domain.

AutoD03 - VC workgroup

 

The “administrator@vsphere.local” can be used for all logins.

AutoD03 - VC user

In my lab, I will be using host files on 3 servers.

AutoD04 - host files

 

 

on my Windows 2012 TFTP server I had I had to unblock all of the files in the TFTP root.

AutoD05 - unblock tftp

So far we know that TFTP will depend on DHCP. The host will first depend on DHCP to get an ip address. With options 66 and 67 the host will then pull the “undionly.kpxe.vmw-hardwired” file form the TFPT server. This file contains instructions for the host to get an image profile (not a “host profile” from vCenter) and what VIBs to pull from the image depot/repository on the Auto Deploy server.

Once vCenter is up, you need to download the TFTP boot Zip from vCenter (after auto deploy is setup with vCenter). So, we know now that TFTP depends on the Auto Deploy server because it must get a configuration file “undionly.kpxe.vmw-hardwired” to boot remote hosts from.

PowerCLI is now needed to import VIBs or offline bundles to the image depot / repository. So the Auto Deploy server is dependent on image profiles and the image depot. PowerCLI is used to create the deployment rules (image profile) for each ESXi host (or group of hosts), then that rule must be added to the active set so that it will take effect.

Here is a question. If there is no DNS, how will the newly provisioned hosts resolve hostnames without a hostfile? The image is brand new and does not carry a host file. When the host is added to vCenter, it will actually use the IP of vCenter. So we still do not need DNS.

AutoD08 - managed by VC IP

After the host is connected, we then create the host profile from the newly attached host. This host profile will be applied to all the clusters. But, this is not a requirement. We were able to successfully add a host to vCenter. The requirements of the product do not call for you to make custom changes to any hosts. As far as Auto Deploy is concerned, it’s job is done. It is possible to include the vCenter host profile as a part of the deployment rule, but that is not a requirement to get Auto Deploy running.

So what do we know so far? Thou shalt have: vCenter, TFTP, DHCP, a host to boot, an image depot, image profiles (for the active working set), Auto Deploy server and PowerCLI. Can the PowerCLI part be argued? Maybe. Perhaps there is some way to manipulate the vCenter database to create an image profile and upload the VIBs to the depot or someone has some third party tool to create image profiles. As far as I can tell, the image profiles and VIBs uploaded to the image depot must be done via PowerCLI. Removing PowerCLI from the equation would seem far outside of the normal operations of Auto Deploy. But then again I thought Active Directory and DNS were a part of the normal operation. The image builder itself would not be considered a requirement in the dependency map either. You have the option to download the offline bundles from VMware and include your vendors hardware VIBs with the deployment.

To examine each dependency, think about if each compenent was not available.

vCenter: With no vCenter, how would you install the Auto Deploy server? It would not be possible. Where would hosts go?

TFTP: Without a TFTP server, how would the host PXE boot receive the undionly.kpxe.vmw-hardwired file and then get configuration information from Auto Deploy?

DHCP: Without DHCP, how would a stateless host get an IP address and know what to do from there? DHCP would be the first link in the chain for the host to boot from PXE and do anything.

Host: Without a host, what good is all that Auto Deploy configuration?

Image depot: Without an image depot, where would the host get an ESXi image or hardware vendor VIBs?

Image profile: Without an image profile, how would the host get deployment rules from the Auto Deploy server?

PowerCLI: Without PowerCLI, how would you create the image profiles and image depot?

Auto Deploy server: Without the Auto Deploy server itself, where would the image profiles live and the image depot. The Auto deploy server is the traffic cop directing hosts to the vCenter server via the image profiles and image depot.

So after all of this, what would a VMware Auto Deploy “requirements” dependency map look like?

Auto deploy dependency

 

Tintri and XenDesktop: my 411

When I first started looking at using Tintri for my VDI environment, all I could find were white papers and webinars that said “best of the best of the best SIR!”.

nestofthebest1

I did not know how this mystical unicorn “Tintri Clones” could help me. What is the mechanism that will help get VDI off the ground? How is this so different from what I use today?

In my particular situation, I am using Xendesktop 7.5 MCS with PvD on top of vSphere. I originally used personal vDisks as a way to save disk space. I would redirect the user data to a NAS and use the PvD as user application install space. I found this to be a great provisioning method on a traditional SAN. I would have a central image to maintain and push out the updates to a catalog. But, storage migration is a nightmare when using PvD because it is not supported by Citrix. The way to get around this is to do a backup and restore on to a new pool of desktops. You can continue to use PvD with Tintri, but it really becomes unnecessary. I will show you why.

The plan: build a new pool of desktops on Tintri storage to take advantage of its features. How do I take advantage of the array features and space savings? It was really quite simple. I was expecting to find some complicated configuration setup between Citrix, Tintri and VMware to get things working. It all really boils down to the Tintri host plugin and cloning your master image on the Tintri array. The host plugin activates the Tintri VAAI for reduced host IO, space savings and fast deployments of VMs by offloading the process to the array. Offloading processes to the array is not something new, a lot of vendors do this today. Tintri offers a few whitepapers on how to use Citrix with Tintri: http://www.tintri.com/blog/2014/05/tintri-citrix-xendesktop-citrix-ready . There are some important Pros, CONs and gottachas to go over. The most important gottacha that I think should be noted is that a catalog should not be updated or created from a VM that has snapshots. Doing so negates the space savings and creates full clones of the desktops. It is important to remember that the base image for the catalog should be created from a Tintri clone. This involves logging on to the array and cloning your master image. Simply cloning from the vSphere web client or C# client will not do it. This clone will be used to spawn all of your virtual machines. You would then re-clone this master image with no VM snapshots to push out any updates to your catalog from Citrix with MCS if you are using PvD.

From the diagram below, you can see how personal vDisks work. The user / application data is saved out to a seperate drive. Each vSphere datastore gets a copy of the base disk for each VM to link back to. Each VM with MCS (machine creation services) also gets a small 16MB identity disk. I can say that I’ve had Citrix issues with every other release using personal vDisks. Adding on this piece to your deployment adds a layer of complexity. I find it much easier to just use clones of the master image as regular desktops. You already get space saving from the Tintri array vs PvD. The only advantage would be the ability to push out updates to a catalog from a master image when using a PvD catalog.

 

pvd_overview

 

The only negative with using a machine catalog that saves data to the local disk instead of a PvD is that you cannot grow the drive on individual VM from the vSphere console. Each VM is tied to a Citrix created snapshot in vSphere with the base disk. A virtual machine with a snapshot cannot change the drive size even if it is powered off. This is not a negative aspect of Tintri, it is a function with Citrix. How do you grow the drives? You would need to create dedicated machines from Tintri clones or clone the VM to a individual VM that is not tied to a master (this would involve creating a new pool).

Citrix creates disk layouts in different ways when it comes to dedicated machines and PvD machines in MCS. PvD machines link each VM’s C drive back to a base master disk in each datastore, but each dedicated machine links back to an individual snapshot of the master disk, so you are dealing with many more C drives that could grow vs having a PvD on each machine that would grow. To review this process, visit the Citrix documentation.

I am not going to cover PVS provisioning, that will be for another post.

So why is it the “best of the best of the best, Sir!”? There are auto tier systems and then there is Tintri AWS. This is the Active Working Set which runs 99% of IOPS in flash. My users get data in flash when they need it.

Overall, I found the process of creating my VDI environment from Tintri quite easy. It is so easy to investigate who is doing what in the Tintri console! No complicated java setups or fat clients that require days of training. It is important to review all of the Tintri best practices before you go about re-platforming your environment. You don’t want to go spawning desktops in a catalog from a VM you built that has snapshots!