Nested Home Lab – Part 6 – Adding your first user

As in the previous post, if you haven’t done so already, you need to install the Client Integration Plugin, which can be found in the ISO at vcsa\VMware-ClientIntegrationPlugin-6.0.0.exe.
Firstly unpack the ISO to your local drive. C:/temp for example.
1. Double click on vcsa-setup.html. (found in the unpacked ISO).
3. Select Install
5. Enter in the IP address, username (usually root) and the password of the ESXi server you are deploying the PSC to. Click Next.
6. Accept the certificate warning by clicking Yes.
7. Enter in the name of the VCSA and give it a password. Click Next.
8. On this screen you have three choices. For our lab we’ll select “Install vCenter Server (Requires external Platform Services Controller)”. Click Next.
9. Now here we’ll want to enter in the details of the PSC we deployed previously, entering in the PSC name and the SSO password. It’s usually best to leave the SSO port at 443. Click Next.
10. Leave the appliance size at tiny. Click Next.
11. Select the datastore you want to deploy into and select “Enable Thin Disk Mode”. Click Next.
12. Select “Use an embedded database (vPostgres)”. Click Next.
13. Carefully enter in the networking details and tick “Enable ssh”. Click Next.
14. Check all your config details. Click Finish.
So back again.
In this post we’ll look at installing the Platform Services Controller (PSC).
Forgetting about ESX for a minute, this new iteration of vSphere is, in my opinion, a huge leap forward for administrators. It feels like the virtual appliance architecture has finally come of age. The split of duties makes a great deal of sense. The PSC is responsible for Single Sign On (SSO), Licensing, and acting as a Certificate Authority, while the VCSA hosts the inventory service, the web client and others.
So why on different appliances for this lab? Well going forward, in future blog posts, we’ll look at connecting a second VCSA to the PSC.
This first VCSA and PSC will lay the foundation for this and future labs.
OK onward.
To install the VCSA and/or PSC you will need to install the VMware Client Integration Plugin, which can be found in the ISO at
This part of the installer does assume that you have a DC up and running. If you don’t, you should get one set up before continuing as we will need it later, if you choose to follow that part of the guide.
Once that’s done we can fire up the installer and get the PSC installed.
Firstly unpack the ISO to your local drive. C:/temp for example.
1. Double click on vcsa-setup.html. (found in the unpacked ISO).
11. Networking is King here and you’ll need to be vigilant going through this. For the time sync select “Synchronize appliance with ESXi host” and tick “Enable ssh”. Click Next.
Use | Example IP Range | Note |
VM and Management | 192.168.0.0 | Best to use your existing home network. |
VSAN (vlan 30) | 192.168.100.0 | Internal Only |
vMotion (vlan 40) | 192.168.110.0 | Internal Only |
It is considered best practice to separate out various types of network traffic. Usually you would separate out your VM traffic from your management but for this lab we will keep them together. We will separate out vMotion and VSAN traffic though.
ESXi: When I’m designing a vSphere environment with rack mount servers in mind I usually separate management traffic out into a separate standard virtual switch (2 x 1g ports) and all other traffic is sent to 2 x 10g ports through a distributed virtual switch using vlans to separate the traffic further and NIOC to control bandwidth.
All righty then, what’s this going to look like for us?
In Workstation:
So far, so good. For Workstation nothing else needs to be done.
As you can see from the ESXi image above, I haven’t specified a physical adapter for vSwitch1. With ESXi, if network traffic is on the same VLAN and on the same virtual switch, it won’t go to the physical switch. The virtual switch, an in-memory construct, will just pass the traffic along. However, if you need to cross VLANs, the traffic will need to be passed to the physical switch for routing across VLANs. In this case, it’s very handy as we won’t want traffic to pass between the VSAN port group and the vMotion port group. EDIT: What we want to do is set up the LAN port group with VLAN 4095. This will enable ESXi to pass the VLAN traffic about correctly.
Now in ESXi we need to make two changes to the vMotion and VSAN port groups: enable Promiscuous Mode and Forged Transmits:
William Lam of virtuallyGhetto has a great write-up here discussing the reasons for this.
So those are the networking eccentricities. Next we’ll look at getting our first VCSA with a dedicated Platform Services Controller up and running.
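The port-group settings from this post (VLAN 4095 on LAN, Promiscuous Mode and Forged Transmits on vMotion and VSAN only) can be checked with a short audit, so the relaxed settings stay confined to the port groups that need them. This is an added example, not part of the original post; the inventory layout, its field names, and the "VM Network" and "Scratch" port groups are constructed for illustration.

```python
"""Audit port-group settings against the lab layout in the post (added example)."""

TRUNK_VLAN = 4095              # VLAN ID the post sets on the LAN port group
RELAXED = {"vMotion", "VSAN"}  # port groups the post opens up for nested ESXi
TRUNKED = {"LAN"}              # port group the post sets to VLAN 4095
POLICY_KEYS = ("promiscuous", "forged_transmits")

# Constructed sample inventory. The dict layout is an assumption for this
# example, not an ESXi export format; "VM Network" and "Scratch" are made up.
SAMPLE = [
    {"name": "LAN", "vlan": 4095, "promiscuous": False, "forged_transmits": False},
    {"name": "vMotion", "vlan": 40, "promiscuous": True, "forged_transmits": True},
    {"name": "VSAN", "vlan": 30, "promiscuous": True, "forged_transmits": False},
    {"name": "VM Network", "vlan": 0, "promiscuous": True, "forged_transmits": True},
    {"name": "Scratch", "vlan": 4095, "promiscuous": False, "forged_transmits": False},
]


def audit(port_groups):
    """Return (port group, finding) tuples where settings differ from the layout."""
    findings, seen = [], set()
    for pg in port_groups:
        name = pg["name"]
        seen.add(name)
        for key in POLICY_KEYS:
            if name in RELAXED and not pg[key]:
                # The post turns both settings on for the nested port groups.
                findings.append((name, f"{key} is off but the nested lab needs it"))
            elif name not in RELAXED and pg[key]:
                # Elsewhere the setting lets a VM see or spoof other VMs' frames.
                findings.append((name, f"{key} is on outside the nested port groups"))
        if pg["vlan"] == TRUNK_VLAN and name not in TRUNKED:
            findings.append((name, "VLAN 4095 passes every VLAN tag to this port group"))
        elif name in TRUNKED and pg["vlan"] != TRUNK_VLAN:
            findings.append((name, "expected VLAN 4095 as set in the post"))
    for missing in sorted((RELAXED | TRUNKED) - seen):
        findings.append((missing, "port group not found in inventory"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```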
Just a note: I had hoped to post this sooner but family and holiday commitments took over.
Next post we’ll look at the networking required for your nested lab.
But what do you want out of a lab? Do you want to test new software, create disposable environments, run a permanent infrastructure? I guess it’s really up to you and your budget. For me it’s important to test new software, do early investigation before I approach work and study. Do I need permanent running infrastructure? Not really. I prefer a nested ESX solution. It suits me and my budget. However, there are many instances when you would want a “physical” lab; consultants, for a start.
Anyway, I have only three bits of kit that are really important to creating my home lab.
The whole lab runs several nested VMs. Usually three ESX servers, VSAN, one VCSA and a DC. However it has run four ESX servers, two Windows servers with vCenter and SRM, and two NetApp simulators.
In the next post I’ll step through setting up a nested virtual lab.
Session: Extreme Performance Series – Understanding Applications that Require Extra TLC
Speakers: Vishnu Mohan (VMware), Reza Taheri (VMware).
This session was one of a series covering Extreme Performance.
If you are a virtualization engineer then this should be a session you catch up with, and I am an engineer to my core. Of the three VMworlds I have attended this was by far the most enjoyable and interesting session I have attended.
This session really looks at edge cases where virtualization technologies would be the cause of performance issues.
Things like standards are not really discussed but assumed, in so much as this talk doesn’t cover rookie mistakes and assumes for all scenarios that all best practices are currently being met and the latest VMware stack is being used.
Extreme I/O, latency and timers are covered, dissected and demystified. Both Vishnu and Reza were brutally honest and completely unapologetic about the limitations of virtualization. The issues that were encountered affecting virtualization, would affect all platforms and not just VMware’s.
The speakers do make it very clear that for 99% of workloads/applications the default settings will serve you just fine and they are completely right. When was the last time you needed to “tune” a VM, not the application but the VM?
Also questions are posed along the lines of “You want to use SR-IOV? What for?” A VM can push 1 million packets. Perhaps if you needed extremely low latency and virtualization together. But maybe you would be better off going physical in that case.
For me the big takeaway from this session is know your workloads. Question and analyse.
I’ve just finished reading NetApp’s white paper WP-7193, FAS Hardware: Optimized for I/O Expandability, and Reliability.
First off I would say that this is not a paper that is heavy on the technical details. It is more of a “this is what we do and how we do it” paper. At times it does read like a marketing paper but overall it’s a paper that would be good for somebody to read who is new to NetApp and would like to find out a bit more about the technology.
The focus is on their FAS series, which is where I would expect most people’s first contact with NetApp would be, and covers a fair amount of topics from Storage I/O Data paths to on-disk error correction.
One of the topics it touches on is the attitude that a storage system (NetApp, EMC, 3PAR, etc.) is really just a fancy server with disks attached. While the argument can be made, it usually indicates a lack of understanding of how a dedicated storage appliance really works. Yes, it has an Intel CPU and Toshiba RAM and Hitachi disks but it is highly optimised to perform two functions: Serve Data, Protect Data. Both ways it is an interesting argument. How much is hardware and how much is software? With the availability of very well featured software storage OSs such as FreeNAS the waters get muddied further.
I used FreeNAS extensively when studying for the VCAP-DCA exam; it worked and worked well. However the question is, can it compare? For certain uses, sure, it’s a viable alternative, cost effective and easy to manage. Could it go head-to-head with a FAS2240? Even though I doubt it, it’s something I am curious to test.
At my place of work we use the Cisco Nexus 1000v. It was a big part of my drive in the last year to bring all parts of IT into the virtual environment.
Selling the 1000v to the Network department was actually very easy. I gave one of the engineers a Cisco white paper to read on physical switch best practice and VMware. He read it that night, came to the office, went straight to his manager and explained why we needed to buy it.
The whole purpose of this was to bring the network team into the fold. As we moved forward with a fairly aggressive P2V drive the network team has slowly lost control and visibility of a fairly major part of their network. Not being able to apply and guarantee the same network policies across the network estate is a major cause of concern for many network people.
The network team are now approaching me and asking if they can look at putting the virtual versions of the physical security appliances they use into the Virtual environment, so when I was at VMworld in Barcelona, I made a point to visit the Cisco stand and ask about the VSG and the Virtual ASA to try to get an idea of how they work with the 1000v’s, differences, licensing and other bits and pieces. They told me that Cisco were going to come out with a two tier licensing model. Essentials and Advanced, in other words free and not free. OK that is a little unfair as the Advanced version does have a few more features than the Essentials version, most importantly for us the Advanced version now comes with a VSG license.
For us this is great. In our small offices (two hosts) we can now start to put in the free version and in our large datacentres we can keep using the 1000v but now also have the option of using the VSG. This should also be a big benefit for small companies, schools, charities and anybody else who is cash strapped (and yes, home labs too).
While this is good news, Cisco aren’t in the business of giving away free stuff; they don’t even do what I fondly refer to as the drug pusher samples (a small bundle of free licenses to get you hooked). It makes me wonder how strong the uptake of the 1000v architecture really was. We love it and get really good use out of it but it is expensive and I believe this cost probably drove most people away.
Either way I think it’s a good step forward.