Thursday 26 November 2015

vSphere Update Manager

VMware vSphere Update Manager (VUM) provides centralized patch and version management for ESXi hosts, virtual machine hardware, VMware Tools and virtual appliances.

Keeping every host, guest and appliance at a known patch level with Update Manager shortens the window in which published vulnerabilities are exploitable, and it makes management and troubleshooting easier because you are always working from a consistent, known baseline.

It consists of a server component, which can be installed on the same Windows machine as vCenter Server or on a separate one, and client components (a vSphere Client plug-in that runs on the administrator's desktop). The server requires network connectivity to your vCenter Server.

The Update Manager server and the Update Manager Download Service (UMDS) each require a database to store their data. Oracle and Microsoft SQL Server are supported; the bundled 64-bit SQL Server 2008 R2 Express is meant for small deployments only.

Once Update Manager is installed, the following settings can be configured:

  1. Network Connectivity Settings 
  2. Download Settings (including proxy settings)
  3. Checking for Updates Settings  
  4. Notification Check Schedule Settings
  5. Virtual Machine Settings 
  6. Host and Cluster Settings
  7. vApp Settings

Patching, upgrading and installing extensions with Update Manager always follows the same five steps.

1- Creating a Baseline

A baseline is a collection of patches, upgrades or extensions. Before you can create, edit or delete a baseline, make sure your role has the Manage Baseline privilege. Update Manager ships with two default dynamic patch baselines and three upgrade baselines:

Critical Host Patches (Predefined): checks ESXi hosts for compliance with all critical patches.
Non-Critical Host Patches (Predefined): checks ESXi hosts for compliance with all optional patches.
VMware Tools Upgrade to Match Host (Predefined): checks virtual machines for compliance with the latest VMware Tools version on the host.
VM Hardware Upgrade to Match Host (Predefined): checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host.
VA Upgrade to Latest (Predefined): checks virtual appliances for compliance with the latest released virtual appliance version.

A baseline can be fixed or dynamic. A fixed baseline is a set of patches that does not change as new patches become available, which gives you a reproducible change set for a maintenance window. A dynamic baseline is defined by criteria (severity, vendor, product, release date) and its contents update automatically as matching patches are released, so a host that was compliant yesterday can show up as non-compliant today without anything having changed on the host itself.

2- Attaching a Baseline

To see whether an object is compliant or not, you attach the baseline to it. Baselines can be attached to virtual machines, virtual appliances and ESXi hosts, and also to container objects such as folders, vApps, clusters and data centers, in which case every object inside the container is evaluated.

3- Scanning

Scanning evaluates the attributes of your objects (hosts, virtual machines or appliances) against the baselines you have attached to them.

After a scan an object is either compliant (it already has everything the attached baseline requires) or non-compliant (it is missing one or more of the patches, extensions or upgrades the baseline specifies). A scan is read-only; nothing is changed on the object.

4- Staging

If a scanned object is non-compliant we can go ahead and remediate it, but for host objects there is an optional intermediate step: staging. Staging downloads the patches and extensions from the Update Manager server to the ESXi hosts without applying them. Because the payload is then already on the host, remediation itself runs faster, which shortens the time each host spends in maintenance mode. Staging changes nothing on the host and does not require maintenance mode.

5- Remediation

Remediation is the last step, where the patches, extensions or upgrades are actually applied to the objects. How it runs depends on the object: ESXi hosts that belong to the same cluster are remediated sequentially by default (each host enters maintenance mode, is patched and rebooted before the next one starts), while hosts in different clusters within the data center are remediated in parallel.
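The five steps above, driven end to end from PowerCLI. This is an added example, not code from the original post or from VMware; it assumes PowerCLI with the VMware.VumAutomation module, an existing vCenter session, and a cluster named "Prod-Cluster" (the vCenter FQDN, cluster name and baseline name "Security Host Patches" are placeholders).

```powershell
# Added example (not from the original post): the five Update Manager steps
# from PowerCLI. vCenter FQDN, cluster and custom baseline names are placeholders.
Import-Module VMware.VimAutomation.Core
Import-Module VMware.VumAutomation

Connect-VIServer -Server vcenter.example.local
$cluster = Get-Cluster -Name 'Prod-Cluster'

# 1. Baseline: use the predefined dynamic baseline, and create our own dynamic
#    one that keeps tracking every critical host patch as VMware releases them.
$critical = Get-Baseline -Name 'Critical Host Patches (Predefined)'
$security = Get-Baseline -Name 'Security Host Patches' -ErrorAction SilentlyContinue
if (-not $security) {
    $security = New-PatchBaseline -Name 'Security Host Patches' -Dynamic -TargetType Host `
        -SearchPatchSeverity Critical -Description 'Dynamic: all critical ESXi patches'
}

# 2. Attach: compliance is only evaluated for objects a baseline is attached to.
#    Attaching at cluster level covers every host in it.
Attach-Baseline -Entity $cluster -Baseline $critical, $security

# 3. Scan: read-only evaluation of every host against the attached baselines.
Scan-Inventory -Entity $cluster -UpdateType HostPatch

$report = Get-Compliance -Entity $cluster -Baseline $critical, $security -Detailed
$report | Select-Object Entity, Baseline, Status | Format-Table -AutoSize
$nonCompliant = $report | Where-Object { $_.Status -eq 'NotCompliant' } |
    ForEach-Object { $_.Entity } | Sort-Object -Property Name -Unique

# 4. Stage: copy the missing patches to the non-compliant hosts ahead of time.
#    Nothing is applied yet, so no maintenance mode and no VM evacuation.
if ($nonCompliant) {
    Stage-Patch -Entity $nonCompliant -Baseline $critical, $security
}

# 5. Remediate: hosts in one cluster go one at a time. HA stays enabled, FT is
#    switched off for the window, and a host that fails is retried twice.
Remediate-Inventory -Entity $cluster -Baseline $critical, $security `
    -ClusterDisableHighAvailability $false -ClusterDisableFaultTolerance $true `
    -HostFailureAction Retry -HostNumberOfRetries 2 -HostRetryDelaySeconds 300 `
    -Confirm:$false

# Re-scan so the compliance view reflects the new state before signing off;
# anything still listed here needs a look, not a second blind remediation.
Scan-Inventory -Entity $cluster -UpdateType HostPatch
Get-Compliance -Entity $cluster -Baseline $critical, $security |
    Where-Object { $_.Status -ne 'Compliant' }
```

Because the second baseline is dynamic, the final scan is worth keeping in any scheduled job: a patch released between the stage and the remediation shows up as a new non-compliance, and that is information you want rather than noise.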

For more information on VMware vSphere Update Manager kindly refer

Friday 20 November 2015

VMware vSphere Auto Deploy

VMware vSphere Auto Deploy is a method of provisioning ESXi hosts over the network (the hosts PXE boot).

With Auto Deploy the ESXi image is streamed across the network to the host and loaded directly into memory.

When the host is shut down its state is lost, but it is streamed into memory again when the host is powered back on.

Auto Deploy simplifies host management and eliminates the need to maintain a separate boot image for each ESXi host.

Auto Deploy hosts can be configured without a boot disk; all host state (image state, configuration state, running state and event recording) is stored off the host and managed by vCenter Server. The flip side is that a stateless host depends on the Auto Deploy server being reachable every time it boots.

Auto Deploy Architecture

vSphere Auto Deploy server: 
Serves images and host profiles to ESXi hosts. The server is at the heart of the Auto Deploy infrastructure.

vSphere Auto Deploy rules engine: 
Informs the vSphere Auto Deploy server which image and host profiles to serve to which host.

Image profiles: 
Define the set of VIBs (software packages) with which to boot ESXi hosts. 

Host Profiles: 
Templates which define an ESXi host’s configuration (networking or storage setup). You can save the host profile for an individual host and reuse it to reprovision that host. 

Answer files: 
Store host-specific information that a shared host profile cannot supply, for example the static IP address entered for a particular host.
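How the pieces fit together, as an added PowerCLI example (not code from the original post or from VMware): an image profile is loaded from an offline bundle, combined with a host profile and a target cluster into a deploy rule, and the rule is added to the active rule set. The depot path, image profile pattern, host profile name, cluster name and match patterns are placeholders. Note that the rules engine matches on attributes the booting host reports over PXE (vendor string, MAC, IP range), none of which are authenticated, so keep the patterns as narrow as the environment allows.

```powershell
# Added example (not from the original post): building and checking an
# Auto Deploy rule set with PowerCLI. All names and paths are placeholders.
Import-Module VMware.VimAutomation.Core
Import-Module VMware.ImageBuilder
Import-Module VMware.DeployAutomation

Connect-VIServer -Server vcenter.example.local

# Image profile: the VIB set the host boots from, taken from an offline bundle.
Add-EsxSoftwareDepot -DepotUrl 'C:\depot\VMware-ESXi-6.0.0-offline-bundle.zip'
$image = Get-EsxImageProfile -Name 'ESXi-6.0.0-*-standard' |
    Sort-Object CreationTime -Descending | Select-Object -First 1

# Host profile (network/storage configuration) and the cluster to join.
$hostProfile = Get-VMHostProfile -Name 'Rack1-Profile'
$cluster     = Get-Cluster -Name 'Prod-Cluster'

# Rules engine: which image, profile and cluster a host gets is decided by
# pattern matching on what the host reports while PXE booting.
$rule = New-DeployRule -Name 'Rack1-ESXi60' -Item $image, $hostProfile, $cluster `
    -Pattern 'vendor=Dell Inc.', 'ipv4=192.168.10.10-192.168.10.50'

# Add it to the active rule set. Add-DeployRule appends at the end and the
# first matching rule wins for each item type, so order matters with overlap.
Add-DeployRule -DeployRule $rule
Get-DeployRuleSet

# Hosts already provisioned keep their old association until repaired;
# the repaired association takes effect the next time the host boots.
foreach ($h in Get-VMHost -Location $cluster) {
    $result = Test-DeployRuleSetCompliance -VMHost $h
    if ($result.ItemList) {
        "{0}: rule set changed, repairing association" -f $h.Name
        Repair-DeployRuleSetCompliance -TestResult $result
    }
}
```

Test-DeployRuleSetCompliance is the check to run after every rule change: it tells you, per host, which item (image profile, host profile or location) the current rule set would now assign differently, before a reboot surprises you.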

For further information kindly refer

Sunday 15 November 2015

VMware vCloud Director Networking Explained

This article is dedicated to how networking works in VMware vCloud Director, but before getting into vCloud Director networking, a little context.

VMware vCloud Director is a software solution that lets you build a secure, multi-tenant private cloud by pooling the underlying vSphere resources.

vCloud Director lets you provide dynamic networks to your customers (tenants) without putting the stability of your corporate IT network at risk.

Types of networks

1 External networks
  • External networks provide the connection to the outside world (for example the Internet).
  • External networks are backed by port groups in vSphere.
  • These can be distributed switch port groups, standard switch port groups or Cisco Nexus 1000V port groups.

As a best practice use distributed switches, since they give consistent port group names and configuration on all ESXi hosts in a cluster.

2 Organization Network
  • An organization VDC network is used by the virtual machines in an organization VDC (tenant) to communicate with each other.
  • It also gives them access to other networks, including other organization VDC networks and external networks, either directly or through an Edge Gateway that can provide firewall and NAT services.
Organization networks are further categorised, because each organization may have different requirements for how its networking should be set up.

Three types of Org VDC Networks are:

  • Direct Connect Org VDC network: as the name says, a direct connect organization VDC network is a representation of a specific external network, and uses that external network to connect directly to the Internet or to systems outside of the cloud. Direct connect organization VDC networks are created by the system administrator and cannot be changed or managed by organization administrators.
  • Routed Organization VDC network: this network connects to a vShield Edge gateway device (router). Only a vCloud Director system administrator can manage the external connections of the Edge device. Once an Edge gateway has been created for an organization, the organization administrator can create as many routed networks as necessary, within the limits of the Edge gateway that the vCloud Director system administrator has defined.
  • Isolated Organization VDC network: an isolated network does not connect to any external network. It is backed by an Edge device that provides DHCP and static IP services to that single organization's network. Organization administrators can create any number of isolated organization VDC networks. An isolated organization VDC network is a single subnet.

Source - My Notebook.
3 vApp Network
  • A vApp network is a logical network that controls how the virtual machines in a vApp connect to each other and to organization VDC networks.
  • vApp networks are categorised in the same three ways as organization networks.
Three types of vApp networks are:
  • Direct-connect network: an extension of the organization VDC network, in which the virtual machines are connected directly to a selected organization VDC network.
  • Routed network: the most common vApp network configuration when the virtual machines of a vApp need Internet access or access to other hosts attached to the organization network; a vShield Edge device routes between the vApp network and the organization VDC network.
  • Isolated network: an isolated vApp network does not connect to an organization VDC network at all. A vShield Edge device is deployed for isolated networks as well.

For more information refer VMware vCloud Director Documentation

Friday 13 November 2015

Virtual Machine Component Protection

  • vSphere 6.0 introduces a new vSphere HA feature called VM Component Protection (VMCP). 
  • VMCP allows HA to respond when the connection between a host and a virtual machine's datastore is impaired, whether temporarily or permanently.
  • It protects virtual machines from storage-related events, specifically Permanent Device Loss (PDL) and All Paths Down (APD) incidents.
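VMCP is not on by default; it has to be enabled per cluster together with the response you want for each of the two events. The following is an added PowerCLI example, not code from the original post or from VMware. It assumes PowerCLI with a connected vCenter 6.0 session and a cluster named "Prod-Cluster" (a placeholder); the object, property and enum names are those of the vSphere 6.0 API (ClusterDasConfigInfo and ClusterVmComponentProtectionSettings), and the delay values are placeholders you should size for your storage.

```powershell
# Added example (not from the original post): enable VMCP on a cluster and set
# the PDL/APD responses via the vSphere 6.0 API. Cluster name is a placeholder.
Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server vcenter.example.local

$cluster = Get-Cluster -Name 'Prod-Cluster'   # must already have vSphere HA enabled

$vmcp = New-Object VMware.Vim.ClusterVmComponentProtectionSettings
# PDL is unambiguous (the array said the device is gone), so act immediately:
$vmcp.VmStorageProtectionForPDL = 'restartAggressive'   # power off, restart on a healthy host
# APD may be transient, so be conservative: restart only if HA believes
# another host has the capacity to run the VM.
$vmcp.VmStorageProtectionForAPD = 'restartConservative'
$vmcp.EnableAPDTimeoutForHosts  = $true   # start the host APD timeout (140 s default)
$vmcp.VmTerminateDelayForAPDSec = 180     # after the timeout, wait this long before terminating the VM
$vmcp.VmReactionOnAPDCleared    = 'reset' # if paths return within that delay, reset the VM instead

$spec = New-Object VMware.Vim.ClusterConfigSpecEx
$spec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo
$spec.DasConfig.VmComponentProtecting = 'enabled'
$spec.DasConfig.DefaultVmSettings = New-Object VMware.Vim.ClusterDasVmSettings
$spec.DasConfig.DefaultVmSettings.VmComponentProtectionSettings = $vmcp

# modify = $true merges these fields into the existing cluster configuration
# instead of replacing it, so the rest of the HA setup is left untouched.
$cluster.ExtensionData.ReconfigureComputeResource_Task($spec, $true)

# Read back what is now in effect (useful as a compliance check across clusters).
(Get-Cluster -Name $cluster.Name).ExtensionData.ConfigurationEx.DasConfig.DefaultVmSettings.VmComponentProtectionSettings
```

The total time a VM sits on a dead APD device before VMCP acts is the host APD timeout plus VmTerminateDelayForAPDSec (140 s + 180 s with the values above), which is the figure to compare against how long your storage team needs to recover a fabric before you choose the numbers.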

  • PDL occurs when the storage array returns a SCSI sense code indicating that the device is permanently unavailable.
  • When a PDL state is detected the host stops sending I/O requests to the array: it considers the device permanently gone, so there is no reason to keep issuing I/O to it.
  • An unplanned PDL occurs when a storage device is unexpectedly unpresented from the storage array without the unmount and detach steps being executed on the ESXi host first.
  • SCSI sense codes follow an industry standard maintained by Technical Committee T10 of INCITS (the InterNational Committee for Information Technology Standards); all storage arrays that communicate with ESXi hosts conform to it.
  • In the vmkernel.log system log file of an ESXi 5.0 host, a PDL shows up as entries similar to the following, where the sense data 0x5 0x25 0x0 decodes to ILLEGAL REQUEST / LOGICAL UNIT NOT SUPPORTED:
  • 2011-04-04T21:07:30.257Z cpu2:2050)ScsiDeviceIO: 2315: Cmd(0x4124003edb00) 0x12, CmdSN 0x51 to dev "naa.600508e000000000c9f6baa7c19f6900" failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x25 0x0.
  • By contrast, an ESX 4.x entry like the following reports a transport-level failure (host status H:0x1, NO_CONNECT) with no valid sense data, which is what a lost path rather than a PDL looks like:
  • Mar 9 23:53:24 esx405 vmkernel: 2:14:39:54.069 cpu3:4300)ScsiDeviceIO: 1688: Command 0x28 to device "naa.60000970000292600219533031453245" failed H:0x1 D:0x0 P:0x3 Possible sense data: 0x0 0x0 0x0.
  • Examples of PDL are a failed LUN or an administrator inadvertently removing a WWN from the zone configuration. 

  • All Paths Down (APD) is the situation where a storage device is removed from the ESXi host in an uncontrolled manner, through administrator error or device failure, and no PDL sense code is returned.
  • If the device does not return PDL sense codes, ESXi treats it as being in an APD state and keeps retrying I/O until it receives a response (from ESXi 5.1 the APD timeout bounds this, after which non-VM I/O to the device is fast-failed).
  • An APD has to be resolved at the storage array or fabric layer to restore connectivity to the host.
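The distinction above (valid sense data with a documented PDL code versus a transport failure with no sense data) is mechanical enough to script. The following is an added example, not code from the original post or from VMware: a PowerShell function that parses ScsiDeviceIO/NMP failure lines from vmkernel.log and classifies each as PDL, PathLoss or Other. The PDL sense triples are the ones VMware documents for ESXi 5.x/6.x; the sample log lines are constructed for the example in the same format as the entries quoted above, with made-up device identifiers.

```powershell
# Added example (not from the original post): classify vmkernel.log I/O failures
# from the H:/D:/P: status and sense data. Sample lines are constructed.

# Sense data (key ASC ASCQ) that VMware documents as meaning PDL.
$PdlSense = @{
    '0x5 0x25 0x0' = 'ILLEGAL REQUEST / LOGICAL UNIT NOT SUPPORTED'
    '0x4 0x4c 0x0' = 'HARDWARE ERROR / LOGICAL UNIT FAILED SELF-CONFIGURATION'
    '0x4 0x3e 0x3' = 'HARDWARE ERROR / LOGICAL UNIT FAILED SELF-TEST'
    '0x4 0x3e 0x1' = 'HARDWARE ERROR / LOGICAL UNIT FAILURE'
}
# Host (transport) status byte. Non-zero means no SCSI answer came back from
# the device at all, which is what a lost path looks like.
$HostStatus = @{ 0 = 'OK'; 1 = 'NO_CONNECT'; 2 = 'BUS_BUSY'; 3 = 'TIME_OUT'; 5 = 'ABORT'; 8 = 'RESET' }

# Matches both the 4.x "to device" and 5.x "to dev" forms, and NMP per-path lines.
$Pattern = 'to dev(?:ice)? "(?<dev>[^"]+)"(?: on path "(?<path>[^"]+)")? failed:? ' +
           'H:(?<h>0x[0-9a-f]+) D:(?<d>0x[0-9a-f]+) P:(?<p>0x[0-9a-f]+) ' +
           '(?<kind>Valid|Possible) sense data: (?<sense>0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+)'

function Get-StorageLossEvent {
    param([Parameter(Mandatory)][string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match $Pattern) {
            $h = [int]$Matches.h
            if ($Matches.kind -eq 'Valid' -and $PdlSense.ContainsKey($Matches.sense)) {
                $state = 'PDL'        # the array itself says the LUN is gone
                $meaning = $PdlSense[$Matches.sense]
            } elseif ($h -ne 0) {
                $state = 'PathLoss'   # one path failed; it is APD only once every path is gone
                $meaning = $null
            } else {
                $state = 'Other'      # a real check condition (e.g. medium error), device still there
                $meaning = $null
            }
            $hostText = if ($HostStatus.ContainsKey($h)) { $HostStatus[$h] } else { '0x{0:x}' -f $h }
            [pscustomobject]@{
                Device = $Matches.dev; Path = $Matches.path; State = $state
                HostStatus = $hostText; Sense = $Matches.sense; Meaning = $meaning
            }
        }
    }
}

# Constructed sample (same format as the log entries quoted above; device IDs are made up).
$Sample = @(
    '2011-04-04T21:07:30.257Z cpu2:2050)ScsiDeviceIO: 2315: Cmd(0x4124003edb00) 0x12, CmdSN 0x51 to dev "naa.600508e000000000c9f6baa7c19f6900" failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x25 0x0.',
    '2011-04-04T21:07:31.102Z cpu3:2051)ScsiDeviceIO: 2315: Cmd(0x4124003edc00) 0x28, CmdSN 0x52 to dev "naa.60000970000292600219533031453245" failed H:0x1 D:0x0 P:0x3 Possible sense data: 0x0 0x0 0x0.',
    '2011-04-04T21:07:31.900Z cpu0:2048)NMP: nmp_ThrottleLogForDevice:2318: Cmd 0x2a (0x4124003edd00) to dev "naa.60000970000292600219533031453245" on path "vmhba2:C0:T1:L5" Failed: H:0x1 D:0x0 P:0x0 Possible sense data: 0x0 0x0 0x0. Act:EVAL',
    '2011-04-04T21:07:32.500Z cpu1:2049)ScsiDeviceIO: 2315: Cmd(0x4124003ede00) 0x28, CmdSN 0x53 to dev "naa.6000c290000000000000000000000001" failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x3 0x11 0x0.'
)

Get-StorageLossEvent -Line $Sample | Format-Table -AutoSize
# Per-device summary: a device with PathLoss on every path is the APD candidate,
# a PDL is flagged outright, and the medium error on the third device is neither.
Get-StorageLossEvent -Line $Sample | Group-Object Device, State | Select-Object Count, Name
```

One line is enough to call a PDL, because the array has stated it; one PathLoss line is not enough to call an APD, because APD is a device state that only exists once every path has failed. Run the function over the whole log window and join it with the path list from esxcli storage core path list before declaring an APD.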

Refer Below KB Articles for More information.

Thursday 12 November 2015

Back To Basics- Part 9 Virtual Volumes Aka VVOL'S

Earlier posts in the Back to Basics series covered Virtual Machine Files (Part 1), Standard Switches (Part 2), vCenter Server (Part 3), Templates (Part 4), vApps (Part 5), Migration (Part 6), Cloning (Part 7) and Host Profiles (Part 8), and the Home Lab series covered the various tasks involved in Parts 1 to 5.

This article is dedicated to the newly introduced concept of Virtual Volumes (VVOLs). So far we have been using the traditional datastore-centric (LUN-centric) approach; with VVOLs the focus moves to a VM-centric approach.

In the LUN-centric approach the LUN was responsible for both the I/O access path and the actual space used to store VM files. In the VM-centric approach with VVOLs these two jobs are split into two separate components: the Protocol Endpoint (I/O access) and the Storage Container (capacity for VM files).

  • Virtual Volumes is a new virtual machine disk management and integration framework that exposes virtual disks as the primary unit of data management for storage arrays.
  • Virtual Volumes virtualizes SAN and NAS devices by abstracting physical hardware resources into logical pools of capacity (represented as virtual datastores in vSphere) that can be consumed and configured more flexibly, spanning a portion of one or several storage arrays. 

  • Virtual Volumes defines a new virtual disk container (the virtual volume) that is independent of the underlying physical storage representation (LUN, file system, object, etc.).
  • In other words, with Virtual Volumes the virtual disk becomes the primary unit of data management at the array level. This turns the virtual datastore into a VM-centric pool of capacity.
  • It becomes possible to execute storage operations with virtual machine granularity and to apply native array-based data services such as compression, snapshots, de-duplication and encryption to individual virtual machines.
  • The goal of Virtual Volumes is a simpler operational model for managing virtual machines on external storage while still leveraging the rich set of capabilities available in storage arrays. 
  • Virtual Volumes transforms the data plane and control plane of supported SAN/NAS storage systems by aligning storage consumption and operations with virtual machines. 
  • With Virtual Volumes most data operations such as snapshots, cloning and migrations are offloaded to the storage array. 
  • VVOLs require support for VMware vSphere APIs for Storage Awareness (VASA) 2.0 from the storage array vendor.
  • Through VASA, vSphere offloads VMDK creation and management to the array.
  • VVOLs require vCenter Server 6.0 and ESXi 6.0.
How it works
  • Once we have a VVOL-capable storage array, we register its storage provider (the VASA provider) with vCenter Server.
  • The Storage Monitoring Service (SMS) running inside vCenter Server handles registration of the VASA provider.
  • Once the VASA provider is registered, the capabilities of the underlying storage array are published to vCenter Server, which lets vSphere admins build storage policies on top of them.
  • On the array side, the storage admin creates the storage container.
  • The storage admin also sets up the Protocol Endpoint (PE), which provides the I/O access path; vSphere binds and unbinds the virtual volumes (the VMDKs) to the PE as needed.