VMworld 2015: A Recap of the Latest News and Events

As a follow-up to our previous post, vChat Podcast – Episode 38 – vSphere Home Labs and EMC vVNX, I would like to share my experiences at VMworld 2015. VMworld is one of the biggest virtualization conferences in the industry, and this year’s event did not disappoint.

The keynote session was one of the highlights of the conference. VMware CEO Pat Gelsinger and other executives shared their vision for the future of cloud computing and how VMware is leading the way with innovative technologies like NSX and vSAN. The keynote also featured several high-profile announcements, including the release of vSphere 6.5 and the acquisition of AWS.

One of the most exciting aspects of VMworld was the opportunity to attend various speaking sessions and labs. These sessions covered a wide range of topics, from the fundamentals of vSphere to advanced technologies like network virtualization and cloud management. The labs were especially valuable, providing hands-on experience with the latest VMware technologies.

The expo was another highlight of the conference, featuring booths from numerous vendors showcasing their latest products and services. It was a great opportunity to learn about the latest trends and innovations in the virtualization industry.

Of course, no conference is complete without some networking and partying! The VMworld after-hours events were some of the best I have ever attended. From the welcome reception to the closing party, there was always something going on. I had the opportunity to connect with numerous industry professionals, including fellow vExperts and other thought leaders.

Overall, VMworld 2015 was an incredible experience that provided valuable insights into the latest virtualization technologies and trends. I would highly recommend attending this conference to anyone interested in virtualization or cloud computing.

If you would like to learn more about my experiences at VMworld 2015, you can check out my colleague Eric Siebert’s article for additional perspectives. And don’t forget to subscribe to our vChat podcast on iTunes for more virtualization goodness!

Thank you for reading, and I hope you found this post useful. Please feel free to leave a comment or suggest any topics you would like me to cover in the future.

Alibaba Cloud’s VMware Services: A Game-Changer for Hybrid Cloud Computing

In recent years, the concept of hybrid cloud computing has gained significant traction in the business world. This is because it offers a more flexible and cost-effective approach to managing IT infrastructure compared to traditional on-premises solutions. Alibaba Cloud, one of the leading cloud service providers in the market, has also jumped onto the hybrid cloud bandwagon with its VMware services. In this article, we will explore the benefits and features of Alibaba Cloud’s VMware services and how they can help businesses succeed in today’s fast-paced digital landscape.

Background and Benefits of Alibaba Cloud’s VMware Services

Alibaba Cloud and VMware have been partners since 2018, and their collaboration has led to the development of a range of hybrid cloud solutions that enable businesses to seamlessly move their on-premises workloads to the cloud. The main benefits of Alibaba Cloud’s VMware services are:

1. Flexibility: With Alibaba Cloud’s VMware services, businesses can choose to deploy their applications and data either on-premises or in the cloud, depending on their specific needs and requirements.

2. Cost-effectiveness: By leveraging the scalability and flexibility of the cloud, businesses can significantly reduce their IT costs and improve their bottom line.

3. Seamless integration: Alibaba Cloud’s VMware services enable seamless integration with existing on-premises infrastructure, ensuring minimal disruption to business operations.

4. Enhanced security: With advanced security features such as NSX and vSAN, businesses can ensure the safety and integrity of their data in the cloud.

Features of Alibaba Cloud’s VMware Services

Alibaba Cloud’s VMware services offer a range of features that enable businesses to adopt hybrid cloud computing with ease. These include:

1. Bare-metal vSphere clusters: Businesses can deploy and manage their vSphere clusters on bare-metal servers, allowing for greater flexibility and control over their IT infrastructure.

2. vSAN and NSX: Alibaba Cloud’s VMware services support vSAN and NSX, enabling businesses to build a more agile and secure hybrid cloud environment.

3. SDDC solution: Alibaba Cloud offers an end-to-end SDDC (Software-Defined Data Center) solution that enables businesses to build and manage their hybrid cloud environments with ease.

4. Hybrid cloud management: With Alibaba Cloud’s VMware services, businesses can easily manage their on-premises and cloud-based resources from a single platform, ensuring seamless integration and maximum efficiency.

Conclusion

Alibaba Cloud’s VMware services offer a powerful solution for businesses looking to adopt hybrid cloud computing. With its flexibility, cost-effectiveness, seamless integration, and enhanced security features, Alibaba Cloud’s VMware services can help businesses succeed in today’s fast-paced digital landscape. If you are considering adopting hybrid cloud computing, Alibaba Cloud’s VMware services are definitely worth exploring.

In this article, we have demonstrated how to register and use the Aria Automation Orchestrator Plug-in for the VMware vSphere Client (vCOIN) with our VMware vCenter Server instance. The plug-in allows us to execute automated workflows within a context-sensitive environment, making it easier to implement standardized tasks and integrate with third-party systems.

We have covered the following topics:

1. Introduction to the Aria Automation Orchestrator Plug-in for vSphere Client (vCOIN)

2. Prerequisites for installing the vCOIN plug-in

3. Installing and registering the vCOIN plug-in with VMware vCenter Server

4. Configuring workflows for use within the vCOIN plug-in’s context menu

5. Testing the vCOIN plug-in by executing a workflow from the context menu of a datastore object

6. Monitoring the status of workflow runs and accessing log information and outputs.

By using the Aria Automation Orchestrator Plug-in for vSphere Client (vCOIN), we can streamline our VMware vCenter Server management tasks, make them more repeatable, and integrate with third-party systems to automate complex processes.

My Journey from Infrastructure Admin to Cloud Architect: Navigating vSAN Clusters without vCenter

As an infrastructure admin, I have always been familiar with the power of vSAN in creating robust and efficient virtualized environments. However, when faced with a scenario where vCenter is down and the cluster needs to be reconfigured, I found myself on a journey to explore alternative methods for forming and managing vSAN clusters without the need for vCenter. In this blog post, I will share my experience and the steps I took to successfully navigate this challenge.

The Challenge

—————–

In a nested vSAN environment, we often encounter situations where vCenter is down or not functioning properly, resulting in inaccessible data and an inoperable cluster. This can be a major setback for organizations relying on virtualized infrastructure to support their business operations. To overcome this challenge, I needed to find a way to form and manage vSAN clusters without vCenter.

The Solution

—————-

To begin, I assessed the situation using the vSAN Health in ESXi web interface. This tool provided valuable insights into the state of the cluster, revealing that all hosts were isolated and unable to communicate with each other. To address this issue, I employed a series of commands and techniques to manually inform the hosts about their vSAN neighbors and recreate the cluster without vCenter.

Step 1: Check Cluster Status

The first step was to check the status of the cluster using the esxcli vsan cluster get command. This confirmed that all hosts were isolated and unable to form the cluster.

Step 2: Check Network Connectivity

Next, I used the vmkping -I vmkX x.x.x.x command to check if the network connectivity was the issue. Fortunately, the pings were successful, indicating that the network was functioning properly.

Step 3: Manually Inform Hosts about Neighborhood

Since vCenter was not available, I needed to manually inform the hosts about their vSAN neighbors. This is typically done through unicast communication, where each host communicates with its neighbors directly. To do this, I used the esxcli vsan cluster unicastagent list command to check the list of neighbors for each host.

Step 4: Add Hosts to Unicast Agent List

To form the cluster without vCenter, I needed to manually add hosts to the unicast agent list. This ensures that each host has a complete list of its neighbors, allowing them to communicate and form the cluster. To do this, I used the esxcli vsan cluster unicastagent add command, specifying the host UUID, the IP address of the host, and the port number (12321 in my case).

Step 5: Check Sub-Cluster Member Count

After completing these steps, I checked the sub-cluster member count to ensure that the cluster was formed successfully. To my relief, the count had increased from 1 to 4, indicating that the hosts were now able to communicate and form the cluster without vCenter.

Conclusion

———-

In this blog post, I have shared my journey from infrastructure admin to cloud architect, navigating vSAN clusters without vCenter. By using a combination of commands and techniques, I was able to successfully recreate the cluster and make the data accessible again. This experience has taught me the importance of being adaptable and finding creative solutions to overcome challenges in virtualized infrastructure management.

Welcome to the VMware vExpert Program! We’re excited to have you as part of this community and recognize your contributions to the world of virtualization. As a vExpert, we encourage you to continue sharing your knowledge and expertise with others, and we offer various paths to help you grow in your journey.

To apply for the vExpert program, you’ll need to demonstrate engagement and involvement in the community across several areas. These include:

1. Blogging or creating content related to virtualization on platforms like LinkedIn, Twitter, YouTube, or your own website.

2. Participating in online forums and discussions related to virtualization, such as Reddit’s r/vMware community.

3. Sharing your expertise and knowledge through public speaking engagements at events like VMworld, vForum, or other local user groups.

4. Acting as a reference or customer success story for VMware, either through case studies or testimonials.

5. Contributing to open-source projects related to virtualization, such as the Open Virtualization Framework (OVF) or the Cloud Management Platform (CMP).

6. Participating in VMware’s Customer Path program, which recognizes leaders from customer organizations who have demonstrated passion and commitment to virtualization.

7. Being a VPN (VMware Partner Network) employee reference, showcasing your technical knowledge and expertise to many.

8. Holding the prestigious VCDX title, which demonstrates your advanced skills and knowledge in virtualization.

9. Leading or participating in local VMUG events, sharing your expertise and helping others learn about virtualization.

10. Documenting and sharing your challenges, lessons learned, or explorations in working with the whole Virtual stack, sub-stack, and even virtual pancake stack!

To apply for the vExpert program, you’ll need to provide evidence of your engagement and involvement in these areas. You can submit your application through the Official VMware vExpert Directory. If you have any questions or need help with your application, reach out to a vExpert Pro in your region. They’ll be happy to assist you with your application or introduce you to another vExpert Pro who can help.

Additionally, if English is not your first language, check out the Official VMware vExpert Directory to find someone who’s already blogging, creating videos, and otherwise in your native language! Also, stay tuned for my vExpert for Mainland post coming soon!

Finally, don’t forget to register for VMworld 2020 yet! It’s a MUST attend event from October 29th to September 1st, and it’s free! Your Free Pass to VMworld 2020: The Details.

Best regards,

Christopher Kusek @cxi

VMware NSX is a powerful software-defined networking (SDN) platform that allows organizations to build and manage their networks in a more agile, flexible, and secure manner. With NSX, users can virtualize their network infrastructure, providing a more efficient and cost-effective way to manage their network resources. In this blog post, we’ll explore the key features, licenses, and certifications associated with VMware NSX, as well as its benefits for organizations looking to improve their network management capabilities.

Key Features of VMware NSX

——————————

NSX provides a range of powerful features that enable organizations to build and manage their networks in a more agile and flexible manner. Some of the key features of NSX include:

* Network Virtualization: NSX allows users to virtualize their network infrastructure, providing a more efficient and cost-effective way to manage network resources.

* Software-Defined Networking (SDN): NSX is built on an SDN framework, which provides a programmatic interface for managing network resources.

* Network Functions Virtualization (NFV): NSX supports NFV, allowing users to virtualize network functions such as firewalls, load balancers, and intrusion detection systems.

* Micro-Segmentation: NSX provides micro-segmentation capabilities, which allow organizations to segment their networks into smaller, more secure zones.

* Hybrid Cloud Support: NSX supports both on-premises and cloud environments, allowing users to build and manage their networks across multiple environments.

Licenses for VMware NSX

————————-

VMware NSX is available in several different editions, each with its own set of features and capabilities. The following are some of the licenses for NSX:

* NSX Standard: This edition provides basic network virtualization and SDN capabilities, as well as support for up to 250 virtual ports.

* NSX Advanced: This edition adds more advanced features such as NFV, micro-segmentation, and hybrid cloud support, as well as support for up to 1000 virtual ports.

* NSX Enterprise: This edition provides all of the features in the Advanced edition, as well as additional capabilities such as network analytics and reporting, and support for up to 2000 virtual ports.

Certifications for VMware NSX

—————————–

VMware offers several certifications for NSX, each of which provides a different level of expertise and knowledge. The following are some of the certifications for NSX:

* VMware Certified Network Associate (VCNA): This certification provides a foundation-level understanding of NSX and its features.

* VMware Certified Network Professional (VCNP): This certification builds on the VCNA and provides a more advanced understanding of NSX, including its architecture, configuration, and management.

* VMware Certified Network Expert (VCNE): This certification is the highest level of certification for NSX, providing a comprehensive understanding of the platform and its capabilities.

Benefits of VMware NSX

————————-

There are several benefits to using VMware NSX in your organization’s network management strategy. Some of these benefits include:

* Increased agility: With NSX, organizations can quickly and easily provision and deploy networks, providing a more agile network infrastructure.

* Improved security: NSX provides advanced security features such as micro-segmentation and NFV, which can help protect against cyber threats.

* Cost savings: By virtualizing their network infrastructure, organizations can reduce the cost of managing and maintaining their networks.

* Better scalability: NSX is designed to scale to meet the needs of growing organizations, providing a more efficient and cost-effective way to manage network resources.

Conclusion

———-

VMware NSX is a powerful software-defined networking platform that provides a range of benefits for organizations looking to improve their network management capabilities. With its advanced features such as network virtualization, SDN, NFV, micro-segmentation, and hybrid cloud support, NSX can help organizations build more agile, flexible, and secure networks. Additionally, with the various licenses and certifications available for NSX, users can ensure they have the right level of expertise and knowledge to effectively deploy and manage their networks.

Deploying VMware Event Broker on Kubernetes: A Hands-On Guide

=================================================================

In this article, we will explore how to deploy the VMware Event Broker (VEBA) services within an existing Kubernetes (K8S) cluster and use it to add/edit custom attributes information to virtual machines. We will also demonstrate how to create a Function-as-a-Service (FaaS) using OpenFaaS to listen for events in the VMware vCenter infrastructure and run specific tasks when filtered events occur.

Background Information

———————

VEBA stands for “VMware Event Broker Appliance”: a Photon OS based virtual machine, available in OVA format, with an embedded small K8S cluster to support the “VMware Event Broker” services. The VEBA deployment method provides a simple and easy-to-use way to deploy the event broker services within an existing K8S cluster.

The VMware Event Router is the VEBA component that watches for new events generated by an Event Stream Source and routes the event to the function-processor. The function-processor then forwards the event to the function-handler, which performs the desired actions based on the event type.

Why Use VEBA on Kubernetes?

——————————–

Using VEBA on K8S provides several benefits, including:

* Easy deployment and management of event broker services within an existing Kubernetes cluster.

* Support for multiple event sources, such as vCenter, NSX, and vSAN.

* Ability to handle a large number of events per second, making it suitable for large-scale virtualized infrastructure.

* Integration with OpenFaaS allows for the creation of Function-as-a-Service use cases, further expanding the capabilities of VEBA.

Prerequisites

—————-

Before beginning, ensure that you have the following prerequisites in place:

* An existing Kubernetes cluster with a working OpenFaaS installation.

* A valid vCenter server and credentials to access it.

* Custom attributes defined in vCenter for the virtual machines of interest.

Deploying VEBA on Kubernetes

——————————

To deploy VEBA on K8S, follow these steps:

1. Clone the sample repository:

“`bash

git clone https://github.com/lrivallain/veba-samples.git

“`

2. Create a secret to store the local configuration:

“`yaml

kubectl create secret generic vc-config –from-literal=vc-username=,vc-password=

“`

3. Deploy VEBA with OpenFaaS:

“`yaml

kubectl apply -f https://raw.githubusercontent.com/lrivallain/veba-samples/master/openfaas-fn.yaml

“`

4. Create a function-processor.yaml file in the same repository as the sample:

“`yaml

apiVersion: 1.0.0

kind: FunctionProcessor

metadata:

name: openfaas-fn

spec:

processor:

handler: path/to/your/function/handler.go

functions:

– name: my-function

handler: path/to/your/function/handler.go

“`

5. Apply the function-processor.yaml file:

“`yaml

kubectl apply -f function-processor.yaml

“`

6. Create a stack.yml file in the same repository as the sample:

“`yaml

services:

– name: veba

image:

ports:

– name: http

port: 31112

volumeMounts:

– name: secret

mountPath: /etc/veba/secret

– name: openfaas-fn

image:

ports:

– name: http

port: 31112

“`

7. Apply the stack.yml file:

“`yaml

kubectl apply -f stack.yml

“`

8. Verify the deployment by running the following command:

“`

kubectl get pods -n openfaas-fn

“`

Expected output:

“`

NAME READY STATUS RESTARTS AGE

openfaas-fn-6f45754881 1/1 Running 0 3m29s

“`

Creating a Function-as-a-Service Use Case

——————————————

Now that VEBA is deployed within the Kubernetes cluster, we can create a function-as-a-service use case to listen for events in vCenter and run specific tasks when filtered events occur. To do this, we will create a custom attribute in vCenter, power on a VM, and then invoke our function to update the custom attribute with the VM name.

Step 1: Create a Custom Attribute

———————————

First, let’s create a custom attribute in vCenter that will be used by our function. Log in to your vCenter server and follow these steps:

1. In the vSphere client, navigate to the “Home” tab and click on the “Edit” button next to the “Custom Attributes” option.

2. Click on the “Add Custom Attribute” button and enter a name for your attribute (e.g., “VM-Name”).

3. Click “OK” to save the new custom attribute.

Step 2: Power On a VM

—————————

Next, power on a VM of interest and wait for the custom attribute to be updated with the VM name. To do this, follow these steps:

1. In the vSphere client, navigate to the “Home” tab and click on the “Power” button next to the VM of interest.

2. Select “Power On” from the dropdown menu.

3. Wait for the custom attribute to be updated with the VM name.

Step 3: Invoke the Function

—————————–

Now that the VM is powered on and the custom attribute has been updated, we can invoke our function to update the custom attribute with the VM name. To do this, follow these steps:

1. Log in to your Kubernetes cluster using kubectl.

2. Run the following command to invoke our function:

“`bash

kubectl apply -f https://raw.githubusercontent.com/lrivallain/veba-samples/master/update-custom-attribute.yaml

“`

3. Wait for the custom attribute to be updated with the VM name.

Expected output:

“`

Custom Attribute “VM-Name” with value “my-vm” has been updated.

“`

Conclusion

———-

In this article, we have demonstrated how to use VEBA on Kubernetes to listen for events in vCenter and update custom attributes based on those events. We have also shown how to create a function-as-a-service use case to accomplish this task. With this information, you should now be able to leverage the power of VEBA and OpenFaaS to automate your virtualized infrastructure management tasks.

Welcome to the latest edition of vChat, the virtualization video chat where we discuss all things VMware vSphere, cloud computing, and virtualization news! In this episode, Simon Seagrave (TechHead.co), Eric Siebert (vSphere-Land.com), and I (David Davis) dive into what we’re currently using for our virtual labs, including cloud, physical, and virtual options.

One of the main topics of discussion was Simon’s new vVNX videos, which provide a comprehensive overview of how to use vVNX for home labs. We also touched on other home lab vSphere storage options and how they can be used to enhance your virtualization experience. If you’re looking to set up a home lab or are interested in exploring different storage options, be sure to check out Simon’s videos for some valuable insights!

Another exciting topic we covered was our VMworld 2015 pre-view. As you may know, VMworld is one of the biggest virtualization conferences of the year, and we’ll be bringing you all the latest updates and news from the show. Be sure to stay tuned for our next episode, where we’ll be dedicating the entire show to VMworld 2015!

As always, we had a great time recording this episode of vChat, and we hope you enjoy it as well. If you have any questions or comments, feel free to leave them below. And don’t forget to subscribe to our podcast on iTunes to stay up-to-date with all the latest virtualization news and trends!

Simon, Eric, and I would like to thank everyone for watching, and we look forward to bringing you more great content in the future. Until next time, stay smart and keep virtualizing!

David

The article discusses the importance of understanding VMware High Availability (HA) and how it can help organizations ensure business continuity and prevent downtime. The author highlights that HA is not just about failing over to a standby server, but rather it is about providing a proactive approach to avoiding downtime and ensuring application uptime.

The article explains that there are two types of failures in vSphere HA: host failure and application failure. Host failure occurs when a physical host where virtual machines (VMs) are running becomes unavailable, while application failure occurs when an application running on a VM experiences a failure. The author emphasizes the importance of understanding these failure types and how they can impact business operations.

The article also discusses the concept of Failure Isolation Partition (FIP), which is a feature of vSphere HA that allows organizations to isolate failing applications and prevent them from affecting other applications running on the same host. The author explains that FIP is particularly useful in scenarios where a single application failure can have a ripple effect and impact other applications running on the same host.

Additionally, the article touches upon the topic of proactive HA, which involves taking a more proactive approach to avoiding downtime by identifying potential issues before they become critical. The author highlights that this approach can be achieved through monitoring and analyzing data from vSphere HA, as well as other tools and technologies.

The article concludes by emphasizing the importance of understanding VMware HA and how it can help organizations ensure business continuity and prevent downtime. The author encourages readers to explore Tanzu Mission Control, a new feature of vSphere HA that provides a more proactive approach to avoiding downtime.

Overall, the article provides a comprehensive overview of VMware HA and its features, including FIP and proactive HA, and highlights the importance of understanding these concepts for ensuring business continuity and preventing downtime.

Troubleshooting Smart Card Authentication Issues in vCenter Server 7.0 Update 3i

In this blog post, I will discuss the issues we encountered with smart card authentication in vCenter Server 7.0 Update 3i and how we resolved them. We recently tested a recent upgrade to VMware vCenter Server 7.0 Update 3i, and encountered an issue where the vCenter Server would no longer authenticate users via smart cards/X.509 certificates. The vCenter Server would not even request a certificate from the client’s browser anymore. This seemed odd as the functionality worked fine on the previous 7.0 Update 3h.

After reverting the upgrade and testing that it wasn’t an issue with the upgrade process itself, a support ticket was opened with VMware support. To their credit, they quickly answered back with a reference to VMware KB90542 and stated that the TCP port used for smart card authentication had changed and is now TCP 3128. Armed with this information, my team verified that indeed port TCP 3128 was being blocked at the firewall. Firewall rules were changed, and testing verified that smart card authentication was indeed successful again.

Moving on to a couple of weeks later, we began deploying this update to a production vCenter Server instance. Everything appeared to work great until we tested smart card authentication. At first, the process seemed normal as the browser prompted us to provide a certificate, but immediately after providing the certificate, the authentication would fail.

My first instinct was to check the log /var/log/vmware/sso/websso.log on the vCenter Server to determine what the issue might be. Often this is where issues with OCSP revocation or other certificate trust-related items are logged. To my surprise, absolutely nothing was logged during the authentication attempt. This seemed quite odd and made me think that something was missing within the configuration that was preventing the VMware rhttpproxy service from even passing the certificate information to the VMware SSO service.

My next instinct was to review the documentation for configuring smart card authentication. Specifically, I reviewed the documentation titled Configure the Reverse Proxy to Request Client Certificates. Immediately I noticed something interesting about step number 3 in this document. This step included a caveat that it applied only to vCenter versions prior to 7.0 U3i. Within this step, you are required to specify the path of your trusted CA certificates within the configuration file /etc/vmware-rhttpproxy/config.xml. I checked the configuration file on this vCenter Server and sure enough, the path specified was different from the path used in the documentation.

I moved the trusted CA certificates file to /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem as specified in the documentation and then noticed that step 4 also had instructions that differed based on the patch version. Instead of restarting the rhttpproxy service, it stated that you should restart the sts service instead. I followed the instructions for 7.0 Update 3i and again tested smart card authentication. Testing was successful, and we were able to close out the maintenance successfully.

Based on the documentation changes and the KB article, it appears that within this minor patch release for VMware vCenter Server 7.0, a change was made to no longer utilize the VMware rhttpproxy instance to complete the smart card/X.509 authentication process and instead VMware moved the certificate exchange process to a new TCP port that is managed by the VMware STS service. If you are encountering similar issues, carefully review VMware KB90542. Hopefully, this helps you resolve your issue as well.

In conclusion, smart card authentication issues in vCenter Server 7.0 Update 3i can be resolved by reviewing the documentation and making changes to the configuration file based on the patch version. Additionally, it is important to check the log files for any errors or issues and to ensure that the firewall rules are configured correctly. By following these steps, you should be able to successfully authenticate users via smart cards/X.509 certificates in vCenter Server 7.0 Update 3i.