Monday 29 February 2016

Ports Required for vCenter Server

Many times there seems to be a common question related to the ports required for for communication so thought of dedicating an article for the same. Let's find out!.

Ports Required for Communication Between Components 

Ports
Description
22
SSH 
53
DNS Client
80
vCenter Server requires port 80 for direct HTTP connections
88
Control interface RPC for Kerberos, used by vCenter Single Sign-On
111
RPC service that is used for the NIS register by the vCenter Server Appliance
123
NTP Client
135
Used to join vCenter Virtual Appliance to an Active Directory domain.
161
SNMP Server
389
LDAP port number for the Directory Services for the vCenter Server group
427
The CIM client uses the Service Location Protocol
443
To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewal
513
vCenter Virtual Appliance used for logging activity
636
For vCenter Server Linked Mode, this is the SSL port of the local instance
902
The default port that the vCenter Server system uses to send data to managed hosts.
903
Access a virtual machine console from the vSphere Client when the vSphere Client is connected directly to the ESXi host 
1234
vSphere Replication
1235
vSphere Replication
2012
Control interface RPC for vCenter Single Sign-On vmdir
2013
Control interface RPC for Kerberos, used by vCenter Single Sign-On
2014
RPC port for all VMCA (VMware Certificate Authority) APIs
2049
Transactions from NFS storage devices
3260
Transactions to iSCSI storage devices


Required Ports for the vCenter Server Appliance 

Port
Description
80
vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443
443
The vCenter Server system uses port 443 to monitor data transfer from SDK clients.
902
The default port that the vCenter Server system uses to send data to managed hosts. 
8080
Web Services HTTPS.
8443
Web Services HTTPS.
10080
vCenter Inventory Service HTTP
10443
vCenter Inventory Service HTTPS
10109
vCenter Inventory Service database
514
vSphere Syslog Collector server
1514
vSphere Syslog Collector server (SSL)
6500
Network coredump server (UDP)
6501
Auto Deploy service
6502
Auto Deploy management
9090
vSphere Web Client HTTP
9443
vSphere Web Client HTTPS
5480
vCenter Server Appliance Web user interface HTTPS
5489
vCenter Server Appliance Web user interface CIM service
22
System Port for SSHD

Wednesday 17 February 2016

Custom Properties

We have been dealing with a lot of stuff related to vRealize Automation in our last few blog posts vRealize Automation Installation Part 1vRealize Automation Installation Part 2Multi Machine Blueprints,vRA Layers and Roles and Provisioning Machines in vRA

Here are few scenarios i wish to achieve as per my business requirements. 

1) When user requests machines i want that user should get prompt for changing the name for the machine?

2) I want user who is requesting machine can also create multiple Snapshots. (By default it provides only 1 snapshot).

We can achieve this above requirements by using Custom Properties. 


Custom Properties

We can make use of custom properties to modify the machine during all the stages of its lifecycle like Request,Provision,Manage,Retire.





There are lots of tasks for which we can use the custom properties for example to customize the OS.


If we want user to be select the disk provisioning type, or we want user to select the no of Sockets he needs for the machine during the time when is requesting the service.




While defining the Custom Properties there are different objects that exist on which we can specify the custom properties like

  • Business Groups
  • Compute Resources
  • Endpoints
  • Reservation
  • Storage

For more information refer vRealize Automation Documentation Center

Tuesday 16 February 2016

Provisioning Machines in vRA

We have been dealing with a lot of stuff related to vRealize Automation in our last few blog posts vRealize Automation Installation Part 1vRealize Automation Installation Part 2, Multi Machine Blueprints,vRA Layers and Roles.

Before we proceed further we need to understand that the end user would be able to request for service only when the blueprint has been created, published to catalog, service entitlement has been already been done for that user.

Today we will be dealing with provisioning of Virtual Machines in vRA, so let's get started.

Requesting Machine Service

Provisioning requests can be made from the service catalog, which are made available to users at https://vRealize_Automation_server_FQDN/vcac/org/tenant_URL.
The default tenant URL is in the format https://vRealize_Automation_server_FQDN/vcac.
Business Group users can see all the blueprints for which they are entitled for and they can select any blueprint to start with the provisioning.
Depending how we have configured the blueprint user can change value for many attributes once the blueprint is selected for provisioning a virtual machine.
Multimachine blueprints also need to be published and entitled to users before they it can be provisioned.
While requesting the blueprints users can specify the number of machines to be provisioned, specifications for the component machines like CPU, Memory and storage depending upon the individual components blueprints.

Managing a Machine
Once the machine has been successfully provisioned there are lots of management actions which can be performed on the machine.
  • Install VMware Tools
  • Connect through SSH
  • Connect Using VMRC
  • Change the lease
  • Reconfigure Virtual Machine

We can easily assign and remove these management actions from the entitlements for some machine however can made it available for few other virtual machine.

 For more information refer vRealize Automation Documentation Center


Sunday 14 February 2016

vRA Layers and Roles

We have been dealing with a lot of stuff related to vRealize Automation in our last few blog posts vRealize Automation Installation Part 1, vRealize Automation Installation Part 2 and Multi Machine Blueprints

Now when we know how vRA is installed and also seen the various architectural components which plays a vital role in vRA it's time to deal with various layers and understand how the roles fits in those layers.

1 Infrastructure Layer - Physical Servers, Clouds, Hypervisor (Endpoints)


Infrastructure layer is the first layer managed by System Wide Administrator.


System Wide Administrator also perform few other important tasks like,
  • Installation and Configuration of vRA.
  • Set up default configuration in default tenant (vSphere.local).
  • Creation of other tenants.
  • Sytem Branding
  • Creation of IaaS and tenant admins.

2 Infrastructure Fabric- Connects vRA to endpoints.


Infrastructure Fabric Layer is the second layer managed by IaaS Admin aka Infra Admin.


IaaS Admin also performs few other operations like.
  • Configuration of Infra Fabric by connecting various endpoints.
  • Creation of Fabric Group.
  • Assign Fabric Admin for Fabric Group.
  • Assign Compute Resources.

3 Fabric Group - Divides infra fabric into smaller chunks


Fabric Group is the third layer managed by Fabric Admin.


Fabric Admin also performs tasks likes
  • Configuration of Fabric Group.
  • Machine Prefixes.
  • Network Profile.
  • Create Business Group.
  • Configure Reservation for Business Group to use.

4 Tenant - An Organization  


Tenant Layer is the fourth layer managed by Tenant Admin.


Tenant Admin also has other tasks to perform like.
  • Configuring tenant specific branding.
  • Manage blueprints with context of that tenant.
  • Assign and Manage Business Group Managers, Approval Admins and Approvers.

5 Business Group - Internal Department within Organization


Business Group is the 5th layer controlled by Business Group Manger.

  • Business Group Manager can be an Approval Admin.
  • Can see and manage catalog services.
  • Can manage & create blueprints for the business groups.



For more information refer vRealize Automation Documentation Center


Thursday 11 February 2016

Multi Machine Blueprint

In our last couple of blog posts  vRealize Automation Installation Part1 and vRealize Automation Installation Part 2 we understood various vRA components and talked about the installation of vRealize Automation.

Spent some time today on vRA and created few multi machine blueprints so thought of updating the same in my blog.  

Blueprints?


Machine blueprints are the complete specification for a virtual,cloud,or physical machine and specify how the machine is provisioned.

Blueprints are published as a catalog items and can be shared across all business groups or can be created local to a specific business group.

Before proceeding further make sure we are logged in with the correct user, in the below screenshots i have logged in as tenant admin and created the blueprints. I Have already created two blueprints one for windows virtual machine and other one for Cent os virtual machine so as i can use them while creating multi machine blueprints.



In the new blue print specify the name, Master (Copyable) allows business groups managers and tenant administrators to copy the blueprint when creating the blueprint.
Display location on request can be used if the location has been defined in the vRealize Automation location file and a compute resource has been associated with that file.
Shared Blueprint blueprint is visible to all the business groups.
Reservation Policy Maps blueprint with reservation
Machine Prefix Naming Structured of the newly created virtual machine.
Archive (Days) Number of days archived virtual machine is available for reactivation.
Cost- Amount associated with the compute resource 


Build Information - Specify the blueprints to be added in multi machine blueprints and proceed further with the completion of creation of blueprint.


Before publishing the blueprint we can also specify custom properties which are normally used for modification of blueprints behaviour (specifying the OS image to use during provisioning) and actions tab talks about the possible operations which can be performed on those virtual machines which are provisioned using blueprints. 



In order to make the blueprints appear as catalog items we need to publish them as by default blueprints are saved as drafts and must be manually published.

Fore more information refer http://pubs.vmware.com/vra-62/index.jsp


Monday 8 February 2016

Cloud Based Storage

We have been dealing with couple of Microsoft Azure Concepts in few of our blog posts mainly the one related to Azure Series in which we discussed about Understanding Microsoft Azure, Virtual Networks ,Azure Management Tools and Azure Virtual Machines.

This post would be dedicated to understand the Cloud Based Storage and How Microsoft Azure Fit's In. So let's proceed further and try understand what are we dealing with.

First of all we need to understand that here we are not talking about on premises storage and nor we are dealing with it, means we are not going to manage the Cloud Based Storage as we do in case of our On-Premises Storage.

When it comes to Cloud Based Storage we need a valid Azure Subscription and a Storage Account to be created and configured based on our requirements.






Azure Storage is a Cloud Based Storage which we can provisioned on demand and can be used for various platforms and applications. (Backups, Big Data).

Azure Storage Service

Azure Storage Service includes

File Storage- Can be used by Virtual Machines for sharing data across various applications.

Queue Storage- Providing the communication between various cloud service components.

Table Storage- Helps for fast access to large amount of data using partition and primary key

Blob Storage-  Stores text, media files, which can be accessed by providing a path. Further defined in two types Block Blobs (For Streaming Audio and Video) and Page Blobs (For Read and Write).


 For more information refer Microsoft Azure Essentials

Saturday 6 February 2016

Azure Virtual Machines

In our last few blog post of Azure Series we discussed about Understanding Microsoft Azure,Virtual Networks and Azure Management Tools here we will be focussing on Azure Virtual Machines and will try and understand the various aspects related to it.

Azure Virtual Machines are virtual servers that runs in Azure cloud and make use of various Azure Services including Storage, Networks and Cloud services (Network Container).

For Virtual Machine to consume storage a Storage Account needs to be created for storing virtual hard disk files.

Azure Virtual Machines are provided as part of IaaS cloud offering and provides a public endpoint IP address.

VM's can communicate with other VM's which are part of the same Cloud Services and all the communication here is internal within the Azure and internet is not used for communication with each other.

With the Help of Built-in-Azure DNS Server name resolution of all the VM's which are part of the same Cloud Service is made available.

Again when it comes to Cloud Services there could be many VM's being part of same Cloud Service and in that case DNS (or IP address of Cloud Service) is not enough to communicate with a specific Virtual Machine.

This is something which can be achieved with Endpoints (Contains a Public Port which is publicly accessible over the internet and Private Port (RDP or HTTP) on which the service is running in Azure VM).

Endpoints are acting as helping hands in connecting Public Interface (VIP) on Cloud Service to Private Interface on a VM within the same Cloud Service.

When Creating a New Virtual Machine default endpoints are created automatically for Windows (RDP 3389, RemotePowerShell 5986) and Linux VM's (SSH 22).



Compute>Virtual Machine>Quick Create / From Gallery 


Select Image




Provide Name, Tier, Size, Username and Password


Create New or Select Existing Cloud Service, Cloud Service DNS Name, Region, Storage Account, Endpoints.



Additional Configuration and Security extensions can be also selected.



Even if we want to create additional endpoints for publishing other services like FTP,SMTP we can do so by defining the Protocol,Private and Public Ports to be used.

For Cloud Services to communicate with endpoints an IP address need to be assigned to cloud services which is done automatically by default or can be done manually by reserving an IP address.

When IP assignment is automatically done VIP (Virtual Internet Protocol Addresses) addresses are used which are acting as Public IP Address used to access Azure resources within that Cloud Service.

However when the IP's are specifically assigned to a Cloud Service Reserved Virtual Internet Protocol Addresses which will be associated with Cloud Services even when all the VM's are deleted or stopped are used.

Virtual Machines Sizing

Basic- Lower priced which doesn't include load balancing.

Standard- Provides resources for many workloads and auto-scaling,load balancing.




When it comes to Sizing Virtual Machines few points are of Key Importance like the Size of Virtual Machine is directly Proportional to its Pricing.

Virtual Machine Sizing can help you decide what would be the appropriate size for your virtual machines, also when it comes to hosting production workload A1 is considered as smallest size.

Virtual Machine IP Addressing

When Virtual Machines are created by default they are assigned a Virtual NIC (vNIC) with a Dynamic IP Address (DIP) which is randomly assigned by Azure from the range of available addresses for that Cloud Services, however if we want to choose specific IP range we can also make use of VNet's.

Static IP Address on VM's can also be assigned specially for those VM's which are running IP address sensitive applications and the static IP will be maintained for that VM even when the VM is Stopped.

For more information refer Microsoft Azure Essentials   

Friday 5 February 2016

Azure Management Tools

In our last blog post of Microsoft Azure series we understood What is Azure and also had an introduction about Virtual Networks (VNets). In this article we will see various Azure Management tools.


Azure portal 


Provides a web based user interface for managing the azure subscriptions and services and for most of the deployment portals are considered as primary management tools.

Full Azure Management Portal 

Implemented as web application at https://manage.windowsazure.com  provided we are sign in using Microsoft account or an organisational account can also be used which is associated with Azure Subscriptions.




We can use the full Azure Management Portal for Provisioning Services, Managing Services, Adding Co-Administrators.


The New Azure Portal

The new portal https://portal.azure.com represent many changes when compared to the Full Azure Management Portal.




* Most of the tasks can be performed from both the above portals however few tasks are only available in the Full Azure Management Portal, and few preview features are only available in The New Azure Portal. Reference for Navigating the Azure Portal.

Windows PowerShell


PowerShell provides scripting platform for managing Windows, and can be extended to various infrastructure solutions like Azure known as Azure PowerShell.

Azure PowerShell can be installed through Web API (Azure PowerShell Download) and can be installed using the PowerShell Gallery. But there are few more tasks that need to be taken care when installing the PowerShell, i would suggest refer Azure Installation and Configuration for a complete list of steps.

There are two PowerShell Libraries which can be installed for management of Windows Azure.

1) The Azure PowerShell Module

Azure PowerShell Module is primary PowerShell Library which can be used for the management of Microsoft Azure Services and includes modules like Azure (Core Set of cmdlets for managing Azure Services), Azure Resource Manager (Set of cmdlets for managing resource groups) and Azure Profile (cmdlets for managing authentication and execution context).

2) The Azure AD PowerShell Module

If we are planning to implement Azure AD in our environment we can install AD PowerShell library to manage user and, groups. Before we proceed with the installation of the Azure AD PowerShell module we need to ensure that the installation of Microsoft Online Services Single Sign-In Assistant  has been taken care.


For more information refer Microsoft Azure Essentials

Virtual Networks (Microsoft Azure)

Now when we know what is Microsoft Azure as discussed in Understanding Microsoft Azure
let's move ahead and try understand few networking concepts in Microsoft Azure.

Virtual Networks can be used to configure and to control connectivity between virtual machines and Paas Cloud Services roles.

Virtual Networks (VNets) helps in extending on premises network into cloud.

VNets enable a direct communication between a VM and a Pass Cloud Service.

VM's in aVNet can communicate directly with any other VM in the VNet,even if it is in a different Iaas cloud service.

Can i use the similar private IPv4 range as used in my on premises network ?

Yes we can use the same IPv4 range as used in on-premises network in Azure VNets.

1) 10.x.x.x
2) 172.16.x.x -172.31.x.x
3) 192.168.x.x

How can i move my on premises server to Cloud?

Moving an on -premises server to cloud can be done by using VPN, which can help connect our on premises network to Azure VNets and to the VM's and Pass cloud services which it contains.

Customization of my on premises DNS servers in possible?

Customization of on premises DNS servers is supported to ensure that your on premises computers can resolve the IP address of virtual servers in VNets.

What are the available options to connect on premises network to Azure VNet.

  • Point-to-site VPN - Connects a single computer to VNet, to create such a connection type we need to configure each on premises computer.
  • Site-to-site VPN- It connects with on premises network and all the computers to VNet, configuration of gateway and Routing in on premises network is required.
  • Express Route-  Dedicated service which helps us to connect on premises network to Azure VNet over a dedicated private connection provided by connectivity provider.

For further information refer Microsoft Azure Essentials Guide