vToolbelt – October 2017

Whelp, September flew right by me! The VMware ecosphere (vSphere, vSAN, NSX, et al.) is moving at an unbelievable pace. VMworld provided a number of large announcements and a tremendous amount of knowledge!

In addition to the big announcements, there has been a lot of information to take in.  Let’s get to it…

Upcoming Ohio VMware Events

Cleveland VMUG (November 1) – Progressive Insurance is hosting the next VMUG in Cleveland.  They will be peeling back the covers on their operation and sharing their experiences. Get more information and register here.

Cincinnati VMUG UserCON (November 2) – Save the date and plan to be at the Sharonville Convention Center on November 2nd for the VMUG UserCon in Cincinnati.  Visit the VMUG.COM site to view the agenda and register.

VMworld 2018

  • VMworld US (Las Vegas) – August 26-30th 2018
  • VMworld Europe (Barcelona) – November 5-8 2018


Notes from the Field

VMworld 2017 Recap

I found a helpful link that contains direct playback URLs for all of the VMworld 2017 breakout session recordings (US & EU).  It is on GitHub.  Click on the .MD file links.   They are basic HTML with links to let you watch the recordings on YouTube.

Recapping the major announcements (You can get the day-by-day recap at https://blogs.vmware.com/vmworld)

  • VMware Cloud on AWS – expand your VMware infrastructure into AWS
  • VMware Pivotal Container Service – combining Pivotal Cloud Foundry with NSX
  • VMware Cloud Services – VMware SaaS offerings to extend full-featured cloud management into the cloud you use. Bring NSX and Network Insight to your cloud. Use Wavefront to monitor applications. Cost Insight and Discovery help you manage how much cloud you are consuming.
  • vSphere Integrated OpenStack – Version 4.0 based on the Ocata release of OpenStack with vRA support and multi-vCenter integration
  • AppDefense – zero-trust data center endpoint security that includes contextual intelligence about acceptable application behavior
  • Workspace ONE – Evolving endpoint management – including Windows 10, macOS and now Chromebook
  • Horizon Cloud Apps on Azure – Multi-Cloud flexibility with Centralized Management
  • vRealize Suite 2017 – now includes Lifecycle Manager

vSphere & vCenter

Have a need to encrypt a VM in vSphere, or a vSAN datastore?  Learn more about Key Manager concepts.

Linking vCenters – Initially, Linked Mode used MS ADAM technology to link 2 vCenter instances so they could be managed in a single pane of glass. Enhanced Linked Mode replaced that (to allow vCenter Server Appliances to link). One of the enhancements released at VMworld is Hybrid Linked Mode. This allows you to link your on-premises vCenter to your vCenter in VMware Cloud on AWS.

Having trouble identifying specific hardware devices in ESXi?  You may be reviewing the Hardware Compatibility List or troubleshooting an issue.  Learn more about how the Vendor and Device IDs work and how you can use a tool called vmkchdev to troubleshoot.

If you are using self-signed certs in your vSphere 6.5 environment – you may run into an issue deploying an OVA or uploading files to a datastore if the vCenter Server certificate isn’t added to the Trusted Root CA.

Secure by default – Disabling unexposed features. As you know, a VM can move from Workstation/Fusion to vSphere. This means that VMs on vSphere may have options for features that don’t exist. While there is no code in vSphere to exploit, VMware has made some changes to be more secure by default. Some types of audits recommended disabling each of these settings on each VM in vSphere. Now there is a single setting that can disable any setting for a feature that doesn’t exist in the hypervisor. Read more on the vSphere Security blog.


An important patch for All-Flash vSAN was released this week. If you are running an All-Flash vSAN environment with vSphere 6.0 P04 (and later – including 6.5) there is a potential issue that has been patched. Please read the KB article for your environment and patch as appropriate.

If you ever wondered about vSAN Memory Consumption on your host – check out KB 2113954.

A few basic steps you can use to troubleshoot vSAN Witness Node Isolation in a stretched cluster.

Bookmark this! KB 215074 – vSAN Trending Support issues & Best Practices.  It is cumulative.

Did you know you can use the vSphere DCUI to monitor vSAN during host reboots?  Another good reason to have out-of-band KVM access to your hosts…

Top 10 things to know about vSAN (Duncan Epping @ YellowBricks.com)

If you run vSAN but haven’t gone to 6.6 yet – you really need to check it out.  There are many performance enhancements.  Here is a walkthrough of the upgrade process.


Get your learn on:

There is a new blogger in town. vSwitchZero works at VMware supporting NSX. Check out some of his recent articles (VM Network Performance & CPU Scheduling or Using the NSX Engineering root shell) and I think you will want to follow him on Twitter.

If you are worried about not being able to use traditional network troubleshooting tools after moving to NSX – check out how you can use Wireshark with NSX VXLAN Encapsulated Frames.

A few other bytes….

Have you thought about starting to use RESTful APIs to roll your own automation?  Here are 3 resources that could help you get going:

If you own the vRealize Suite, you should check out the Lifecycle Manager. Newly announced at VMworld – it can be used in greenfield & brownfield environments to make running the suite easier.

Did you know you can sign up to receive service advisories for vSAN and other VMware products?

10 Top Support Issues for VMware Horizon (from VMworld 2017)

Using vRealize Log Insight to create a Security Operations Center, and adding DISA STIG Auditing for that.

Question for this month – have you heard the story about how vMotion was developed?