May 20

Horizon View certificate management

“VMTurbo"
This blog post is mostly for myself, so I can remember how to do this next time and don’t have to spend 2 hours trying to find the information once more. If I did more Horizon View implementations I guess I would know this by heart, but honestly, as you might understand if you follow my blog, that is not the most common task I do.

This applies to VMware Horizon View 6.0.1 and vSphere 5.5 U2

I’ll describe the steps I took during my last Horizon View implementation to create the certificate request file and then import the certificate to the Horizon View Connection Servers and to the Horizon Composer Server.

  • Run the following command from a cmd prompt started as an administrator to generate the certificate request file:
    “certreq -new request.inf certreq.txt”
    The request.inf file contained the following information.
    Don’t forget to set Exportable to TRUE and FriendlyName to vdm.
    ;----------------- request.inf -----------------
    [Version]
    Signature="$Windows NT$"
    [NewRequest]
    Subject = "CN=vdi.vcdx56.com, OU=vcdx56 IT, O=VCDX56, L=Kumla, S=Nerike, C=Sweden"
    KeySpec = 1
    KeyLength = 2048
    ; Exportable must be TRUE so the key can be exported to a PFX file for the other servers
    Exportable = TRUE
    MachineKeySet = TRUE
    SMIME = False
    PrivateKeyArchive = FALSE
    UserProtected = FALSE
    UseExistingKeySet = FALSE
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12
    RequestType = PKCS10
    ; FriendlyName must be vdm
    FriendlyName = vdm
    ; 0xa0 = digital signature + key encipherment
    KeyUsage = 0xa0
    [RequestAttributes]
    SAN="dns=vdi.vcdx56.com&dns=viewcs01.vcdx56.com&dns=viewcs02.vcdx56.com&dns=viewcomp01.vcdx56.com"
    [EnhancedKeyUsageExtension]
    OID = 1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
    ;-----------------------------------------------
  • Send the certreq.txt file to the team responsible for the internal CA, or use it to request an external certificate. In my case, the customer had an internal CA so I sent the certificate to that team.
  • Receive the certificate from the certificate authority (CA).
  • Implement the certificate on the load balancer.
  • Connection server 1
    • Import the certificate via the MMC using the following procedure:
      • Start Microsoft Certificates MMC Snap-In for the computer account.
      • Navigate to Certificates (Local Computer) > Personal > Certificates.
      • Right-click and select Import ->
      • Select the certificate file ->
      • Place the certificate in the Personal certificate store ->
      • Finish
    • Export the certificate via the MMC using the following procedure:
      • Start Microsoft Certificates MMC Snap-In for the computer account.
      • Navigate to Certificates (Local Computer) > Personal > Certificates.
      • Right-click the certificate that you want to export ->
      • All Tasks > Export ->
      • On the Welcome screen ->
      • Select Yes, to export the private key ->
      • Select Personal Information Exchange – PKCS #12 (.PFX) and click the check box include all certificates in the certification path if possible ->
      • Enter password for private key ->
      • Enter file name and location ->
      • Next ->
      • Finish.
    • Import the newly created PFX file using the Import certificate option in MMC
      • Type the password and select Mark this key as exportable
    • Remove the friendly name vdm from the original certificate created during the installation
    • Restart the Horizon View service or VM (I restarted the VM)
  • Connection server 2
    • Import the PFX file via MMC
    • Remove the friendly name from the original certificate created during the installation
    • Restart the service or VM (I restarted the VM)
  • Composer Server
    • Import the PFX file via MMC
    • Remove the friendly name from the original certificate created during the installation
    • Restart the service or VM (I restarted the VM)
    • Start a cmd window as Administrator
      • Go to the directory where sviconfig.exe is located. In my case, C:\Program Files (x86)\VMware\VMware View Composer
      • Run the command “sviconfig -operation=ReplaceCertificate -delete=false” ->
      • Select the newly imported certificate ->
    • Restart the service or VM (I restarted the VM)

I know there are other alternatives but at least this procedure worked just fine for me.
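
A pre-flight check for request.inf, as an added example that is not part of the original post: it flags typographic quotes picked up when the file is copied from a web page and verifies the settings the procedure above depends on. The function names and messages are made up for this example, and it assumes a POSIX shell with awk is available (for instance on an admin workstation).

```shell
#!/bin/bash
# Added example: lint a certreq request.inf before generating the request.

# Constructed sample, modelled on the request.inf in the post.
sample_inf() {
cat <<'EOF'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=vdi.vcdx56.com, OU=vcdx56 IT, O=VCDX56, L=Kumla, S=Nerike, C=Sweden"
KeyLength = 2048
Exportable = TRUE
FriendlyName = vdm
[RequestAttributes]
SAN="dns=vdi.vcdx56.com&dns=viewcs01.vcdx56.com&dns=viewcs02.vcdx56.com"
EOF
}

# inf_value FILE KEY: print the value of the first "KEY = value" line,
# without surrounding quotes or a trailing ";" comment.
inf_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }
        tolower($0) ~ ("^[ \t]*" tolower(key) "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*;.*$/, "")
            gsub(/^"|"[ \t]*$/, ""); print; exit
        }' "$1"
}

# lint_request_inf FILE: print one line per problem, return 1 if any.
lint_request_inf() {
    local inf=$1 rc=0 cn san len
    # Curly quotes pasted from a web page are not INF quoting characters.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$inf"; then
        echo "non-ASCII characters found (typographic quotes?)"; rc=1
    fi
    # The procedure requires FriendlyName = vdm.
    if [ "$(inf_value "$inf" FriendlyName)" != "vdm" ]; then
        echo "FriendlyName is not vdm"; rc=1
    fi
    # The later PFX export with the private key needs Exportable = TRUE.
    if [ "$(inf_value "$inf" Exportable | tr 'a-z' 'A-Z')" != "TRUE" ]; then
        echo "Exportable is not TRUE"; rc=1
    fi
    len=$(inf_value "$inf" KeyLength)
    case $len in ''|*[!0-9]*) len=0 ;; esac
    if [ "$len" -lt 2048 ]; then echo "KeyLength below 2048"; rc=1; fi
    # As in the post's file, the subject CN should also be a dns= entry in the SAN.
    cn=$(inf_value "$inf" Subject | sed -n 's/^CN=\([^,]*\).*/\1/p' | tr 'A-Z' 'a-z')
    san=$(inf_value "$inf" SAN | tr 'A-Z' 'a-z')
    case "&$san&" in
        *"&dns=$cn&"*) ;;
        *) echo "Subject CN ${cn:-<missing>} is not in the SAN list"; rc=1 ;;
    esac
    return $rc
}
```

Run it as `lint_request_inf request.inf`; no output and exit status 0 mean the file passed every check.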

 

May 18

Unitrends free + “Recover your weekend” Sweepstakes

Last week, Unitrends released a new product — Unitrends Free. The product, which is unlimited in terms of VMs and sockets, gives you the opportunity to protect 1TB of VM data for free, forever. When downloading your Unitrends Free copy, which you can do via this link, you also get a chance to participate in the “Recover Your Weekend” Sweepstakes where you get a chance to win the following.

  • Grand Prize — $1500 VISA Giftcard
  • Many will win a Unitrends travel kit

There are a lot of nice features included in the free version:

  • vSphere and Hyper-V Backup for Unlimited Virtual Machines (VMs) and Sockets. Unlike other tools that restrict usage by number of VMs or sockets, Unitrends Free provides hypervisor-level protection for up to 1 terabyte (TB) of data.
  • Instant VM Recovery – Makes it possible to quickly run a VM directly from a backup to reduce downtime. Instant recovery also allows users to spin up copies of their VMs for recovery verification, testing and development.
  • Automated Daily Scheduling – A “set it and forget it” feature for scheduling daily recovery points to keep a user’s system protected at all times.
  • Fast, Incremental Forever Backups – Changed block tracking (CBT) and incremental forever backups ensure fast completion times while using as little storage as possible.
  • Cloud Integration – Take advantage of low cost long-term storage via integration with third-party clouds such as:
    • Google Cloud Storage
    • Google Nearline
    • Amazon Simple Storage Service (S3).
  • Unitrends Community Integration – Directly integrated into the Unitrends Free user interface, IT professionals can search the forum and collaborate to help one another, while also earning attractive rewards.
Go get a copy of Unitrends Free here and start protecting your VMs.

You can learn more here: www.UnitrendsFree.com

May 15

ESXi 6.0 Change Block Tracking patch released

Great news: yesterday, 2015-05-14, VMware released the patch for the ESXi 6.0 Change Block Tracking (CBT) problem that affected all customers running ESXi 6.0, no matter if you upgraded to ESXi 6.0 or did a fresh install of ESXi 6.0.

The patch makes it possible to back up your virtual machines (VMs) when CBT is turned on. The workaround available before this patch was released was to turn off CBT, resulting in longer VM backup job run times. If you turned off CBT for your VMs I guess you can use KB1031873 to turn it back on, even though the KB does not list ESXi 6.0.

More information is available in VMware KB2114076. I never actually found out what the “large number of virtual disks” mentioned in the KB means. Was it 4, 8, 16, 32 and so on?

The patch, ESXi 6.0 Build 2715440, can be downloaded via the already mentioned KB or via this link. Use either vSphere Update Manager (VUM) or the ESXi host command “esxcli software vib” to install the patch. A reboot of the ESXi host is necessary.

May 12

Nutanix Community Edition announced

A really short blog post, but the content is really awesome. A lot of my readers have asked me how to run the Nutanix software-based hyper-converged solution in a home lab. Today I got the answer and it is spelled Nutanix Community Edition (CE).
The CE was announced by Nutanix today and will be released as a public beta on June 8th, the same day as the first day of the Nutanix .Next conference.

To sign up for CE, click the following link. And if this wasn’t enough, Nutanix also gives you the chance to win a free home lab valued up to 3 000 USD. But hurry up, the first 500 who register for the CE will be included in the home lab drawing and also some free .Next Conference passes.


The only requirement is that you are part of the NEXT Community and also send anonymized logs to Nutanix so the product can be improved.

Below are the minimum hardware requirements to run CE:

  • Servers
    • 1, 3 & 4 servers
  • CPU
    • Intel CPUs, 4 cores minimum, with VT-x support
  • Memory
    • 16GB minimum
  • Storage Subsystem
    • RAID 0 (LSI HBAs) or AHCI storage sub-systems
  • Hot Tier (SSD)
    • One SSD per server minimum, ≥ 200GB per server
  • Cold Tier (HDD)
    • One HDD per server minimum, ≥ 500GB per server
  • Networking
    • Intel NICs

Last thing, the CE will be available at no cost!


Read the Nutanix official press release here including some early beta participants comments.

 

May 11

Chance to win free VMworld 2015 US tickets from VMTurbo

Today I received some very good news from VMTurbo. They are giving away free VMworld 2015 tickets this year as well. They did the same last year, which you can read about here. VMworld will be held August 30th, 2015 – September 3rd, 2015 at the Moscone Center in San Francisco.

If you haven’t done so already, sign up for the chance to win the VMworld tickets here and tune in for the three drawings that will be held:

  • 29 May
  • 19 June
  • 10 July

You can read the VMTurbo Sweepstakes terms and agreements here.

So again, a huge thank you to VMTurbo for this great way of sponsoring the virtualisation community.

This is not an advertising blog post paid for by my blog sponsor VMTurbo; this is just a way for you as a VCDX56 blog reader to get a chance to take advantage of this great offer from VMTurbo.

May 05

vRA PostgreSQL database backup

In a vRealize Automation (vRA), formerly known as vCloud Automation Center (vCAC), environment there are quite a few components to keep in sync so you can successfully restore the environment in case of a disaster. I mentioned backup and restore as a critical piece of a vRA implementation during the podcast I joined the other week. Click here to view the podcast blog post.

For a standard vRA deployment including provisioning virtual machines (VMs) to vCenter Server you have a minimum of three (most likely four) databases to keep track of, apart from the VMs delivering the management components:

  • vRA VA database
  • vRA IaaS database
  • vCenter Server database for management systems
  • vCenter Server database for workload systems

In many of the deployments I have implemented, the customer database of choice has been Microsoft SQL (MSSQL) where possible, and that covers three of the above mentioned databases. However, MSSQL is not supported for the vRA virtual appliance, so in that case you need to use the internal PostgreSQL database or an external PostgreSQL database.

Below is a script that you can run in the vRA VA to perform a PostgreSQL database dump that can be used for restore if necessary. The script has been verified for vRA version 6.1.0.0 Build 2077124.
The backups are created in the directory /root/postgresql_backup, which you have to create manually, and in the example below I save 7 daily copies of the dump.

#!/bin/bash

# Script to backup the vRA PostgreSQL Database
# Version 1.0
# Magnus Andersson Nutanix
#
# Set date parameter (month and day, for example May5)
date=`date |awk '{print $2 $3}'`
#
# Set backup file
backupfile="/root/postgresql_backup/PostgreSQL_DB_Backup_$date.sql"
# Set backup start date and time in log file (the log is overwritten on every run)
echo "Backup starting at:" `date` > /root/postgresql_backup/backup.log
#
# Start PostgreSQL dump
/opt/vmware/vpostgres/9.2/bin/pg_dump -U vcac vcac -f "$backupfile"
#
# Delete backup files older than 7 days
find /root/postgresql_backup/ -name "PostgreSQL_DB_Backup_*.sql" -mtime +7 -exec rm {} \;
#
# Set backup finish date and time in log file
echo "Backup finished at:" `date` >> /root/postgresql_backup/backup.log

Other vRA VA partition options if you don’t want to use the / partition are:
  • /Storage/db
  • /Storage/log
Now that we have a script to take PostgreSQL database dumps, it would be nice to run the backup on a schedule, and crontab is our friend here.
You list the crontab entries with the “crontab -l” command and you edit the crontab file with the “crontab -e” command.
The scheduling fields in crontab are:
  • minute (from 0 to 59)
  • hour (from 0 to 23)
  • day of month (from 1 to 31)
  • month (from 1 to 12)
  • day of week (from 0 to 6) (0=Sunday)

I used the following crontab entry to schedule the backup to take place every day at 10:30 PM for my most recent implementation.

# PostgreSQL backup job
30 22 * * * /root/postgresql_backup/backup.sh >/dev/null 2>&1
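
Because the cron entry above discards all output, a failed or truncated dump goes unnoticed. The following check is an added example, not part of the original post: it assumes GNU find and stat, relies on the trailer line that a plain-format pg_dump writes at the end of a complete dump, and the function name and the 1500-minute freshness window are choices made for this example.

```shell
#!/bin/bash
# Added example: sanity-check the newest dump written by backup.sh.
# Directory layout and file name pattern follow the post.

# check_latest_dump DIR [MAX_AGE_MINUTES]
# Prints a one-line verdict and returns 0 only if the newest dump is
# non-empty, complete, fresh and not accessible by group or other.
check_latest_dump() {
    local dir=$1 max_age=${2:-1500} latest mode
    # Newest file matching the backup script's naming pattern
    # (names produced by backup.sh contain no spaces, so ls is safe here).
    latest=$(ls -1t "$dir"/PostgreSQL_DB_Backup_*.sql 2>/dev/null | head -n 1)
    if [ -z "$latest" ]; then echo "FAIL: no dump found in $dir"; return 1; fi
    if [ ! -s "$latest" ]; then echo "FAIL: $latest is empty"; return 1; fi
    # A complete plain-format dump ends with this trailer; a dump cut
    # short (disk full, killed job) does not.
    if ! tail -n 10 "$latest" | grep -q -- '-- PostgreSQL database dump complete'; then
        echo "FAIL: $latest is truncated"; return 1
    fi
    # Default window is 25 hours: older means last night's job did not run.
    if [ -n "$(find "$latest" -mmin +"$max_age")" ]; then
        echo "FAIL: $latest is stale"; return 1
    fi
    # The dump contains the whole vcac database: owner-only access.
    mode=$(stat -c '%a' "$latest")
    case $mode in
        ?00) ;;
        *) echo "FAIL: $latest has mode $mode, group/other can access it"; return 1 ;;
    esac
    echo "OK: $latest"
}

# Possible use from cron, some time after backup.sh has finished:
#   check_latest_dump /root/postgresql_backup || <send an alert>
```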

Apr 28

Nutanix vRealize Automation reference architecture

I just realised that the blog post I put together after the Nutanix vRealize Automation (vRA), formerly known as vCloud Automation Center (vCAC), reference architecture was published earlier this year was still unpublished. I have received quite a few questions about it since the podcast I did a few weeks back, which can be found here, was released.

During the past years I have spent a lot of time implementing cloud-based service offerings for enterprise and SMB customers for their internal or public (service provider) facing solutions.
These kinds of services are often built using a management component and an end user component setup approach.
The management component includes all the infrastructure required to deliver the platform where the end user workload runs. The end user workload is often referred to as the resource or workload component.
A commonly used approach when creating cloud-based services is that the highest customer (often referred to as a tenant) availability demands must be applied to both the management component and the resource component.
When the availability discussion is completed we have to determine the potential workload characteristics, and this includes both the management and resource components, but unlike the availability discussion we cannot use the customer/tenant demands and apply them to the management component. These are often two very separate use cases in terms of performance and latency demands, and public service providers really don’t know what to expect since they often try to attract new, unknown customers.

The VMware vRealize Automation software can be used to create the cloud based solutions and the software consists of several different components apart from the resource workload:

  • Identity Management
  • End user Portal Management
  • Governance
  • Orchestration engines
  • Databases
  • Back end web portal/services
  • Internal management services

The Nutanix vRA reference architecture that you can download here focuses on the management components, follows the VMware outlined concepts of deployment types and also gives directions for Nutanix component configuration for the resource workload.

You will also find information about the following topics in the vRA on Nutanix reference architecture:

  • How the Nutanix Platform works
  • How the Nutanix Platform can interact with vRA.
  • What Nutanix components are required to implement the vRA management cluster components.
  • Suggested Nutanix setup and configuration.
  • VMware vSphere cluster information.
  • How much rack space and how many network switch ports are required to implement the vRA management cluster components.
  • Comparison in terms of disk space usage and deployment times when using different deployment methods and different Nutanix storage configurations.

After reading the Nutanix vRealize Automation Reference Architecture I’m convinced that you’ll end up with the same conclusion as we have, meaning that vRA and the Nutanix web-scale converged infrastructure is the perfect combination and building block for an enterprise, service provider, private, public or hybrid cloud infrastructure.

Note: The different deployment types included in the Nutanix vRealize Automation Reference Architecture reference the figures for vRA 6.0.

Apr 21

vRealize Orchestrator service won’t start

So the other day I ran into a problem where I couldn’t connect to my vRealize Orchestrator (vRO), formerly known as vCenter Orchestrator (vCO), version 5.5.2 server using the vCO client. It was working perfectly fine before a restart of the Windows Server 2012 R2 virtual machine (VM), required because of Windows patching.

When looking at the VMware vCenter Orchestrator Server service via the Windows Server Services MMC I saw that it wasn’t started.


So I started the “VMware vCenter Orchestrator Configuration” service and logged on to the web configuration page via https://ip:8283 and:

  • Set the log level to Debug via the Log section.
  • Tried to start the service via the Startup Service -> Start service link.

That didn’t help, and it took a really long time before the vCO Config Startup page reported anything. It actually reported the vCO service as started until I reloaded the web page. Then it still said not started.

I decided to start the service via the Services MMC and at the same time monitor the VM via Task Manager, after downloading the vCO log bundle, investigating the logs and opening a VMware Service Request.

During the start attempt i saw that McAfee On-Access Scanner service was running heavily on CPU.


 McAfee VirusScan Console view.


When looking in Windows Event Viewer -> Windows Logs -> Application I saw a bunch of McAfee information messages including e.g.:

  • The scan of C:\PROGRA~1\VMware\Orchestrator\configuration\temp\dars\o11nplugin-vsphere.dar\lib\o11nplugin-vsphere-core-5.5.2-1875635.jar has taken too long to complete and is being canceled.  Scan engine version used is 5700.7163 DAT version 7772.0000.
  • C:\Program Files\Common Files\VMware\VMware vCenter Server – tc Server\bin\winx86_64\wrapper.exe

All customer server VMs have McAfee installed locally and the version running is “VirusScan Enterprise + AntiSpyware Enterprise 8.8″.


I asked the customer, since I didn’t have any access to perform the operation, to add McAfee exceptions for the following directories in McAfee:

  • C:\Program Files\VMware\Orchestrator
  • C:\Program Files\Common Files\VMware\VMware vCenter Server – tc Server

When the exceptions were added I could start the VMware vCenter Orchestrator Configuration. I’m not sure what the root cause of the problem was, since it had been working for a few months, but I’ll update the blog post when/if I find out.

Apr 17

Problem reading mime attachment in vRealize Orchestrator

A few days ago I had to create a vRealize Orchestrator (vRO), formerly known as vCenter Orchestrator (vCO), workflow that reads a file. For that you can use the MimeAttachment type.


What I didn’t know was that once you read the file, its content will be cached internally in vRO, and since I need to run the vRO workflow automatically once a day via the vRO scheduler this was not going to work. Thanks to Joerg Lew for sharing this (in my case) really critical piece of information.

It did work if I:

  • Edit the workflow
  • Click the Value link in the Attribute section, in this case the “vcoinput.csv (application/octet-stream)” link
  • Select the file, vcoinput.csv, again
  • Start the workflow.

I got the recommendation, via the following VMware Communities thread, to create a new MimeAttachment variable in a scriptable task instead of using a predefined attribute. The JavaScript code below makes it possible to read the same file over and over again and fetch any new content since the last time the file was read.

    // Create the attachment inside the scriptable task so the file is read on every run
    var InputFile = new MimeAttachment("c:\\scripts\\vcoinput.csv");
    // File content as a string
    var Users = InputFile.content;
    // Split the comma-separated content into an array
    var user = Users.split(",");

To make it possible for vRO to read a local file, in this case placed in the directory c:\scripts on a Windows 2012 Server running vRO/vCO 5.5.2, you have to add the line below to your js-io-rights.conf configuration file located in the directory C:\Program Files\VMware\Orchestrator\app-server\conf

  • +r c:/scripts/vcoinput.csv (actually I only added c:\scripts since I later had to read other files in the same directory)

After you edit the file, make sure to restart the vRO service. Also thank you to VMware community member iliac.

 

Apr 15

My first company podcast

There must be a first time for everything, right? Last week was the first time I participated in a company-led podcast recording, and yesterday it was released. The topic we covered was automation and orchestration with a focus on Nutanix, vRealize Automation (vRA), formerly known as vCloud Automation Center (vCAC), vRealize Orchestrator (vRO), formerly known as vCenter Orchestrator (vCO), and operational procedures.

The podcast was hosted by:

Click the figure below, listen to the 28 minutes and see what you think. If you have time, please provide feedback via either the blog post comments or by contacting the podcast hosts here:


The Nutanix vRealize Automation reference architecture on Nutanix mentioned in the podcast can be downloaded here and additional Nutanix Podcasts can be found here.
