Nested Home Lab – Part 8 – Primary Host networking

So in the previous post we added our primary host to the VCSA we built in part 4. Before we build our first virtualized ESXi host we need to add a single standard virtual switch. The foundation for this is discussed in part 2; please take a moment to read it, as we’ll be using some of those details.

We want the primary network layer to look like the diagram below: two standard switches. vSwitch0 will already have been created by default and you’ll have a few VMs in the VM Network already. The second, vSwitch1, will have only one port group, which I have called LAN. This port group is going to be trunked to all VLANs. In addition we’ll also set the configuration for VM Network so that nested ESXi servers pass traffic from their nested VMs correctly.


Configuring the networking for the VM Network port group.

1. Log in using an account that has permission to configure the environment.

2. Select Home and then Hosts and Clusters.

3. Select the Hosts and Clusters icon and then select your primary host.

4. In the right-hand pane:
4.1 Click Manage.
4.2 Click Networking.
4.3 Click Virtual Switches.
4.4 Click the “VM Network” port group and click the edit icon.


5. In the Edit Settings window:
5.1 Select Security.
5.2 Tick the boxes to override Promiscuous Mode and Forged Transmits.
5.3 Set Promiscuous Mode and Forged Transmits to Accept.
5.4 Click OK.

That’s the VM Network set up. Now we want to set up a new vSwitch with a single port group with the same security settings as above.

1. Carrying on from above, select the icon to create a new standard vSwitch.

2. Select Virtual Machine Port Group for a Standard Switch. Click Next.

3. Select New standard switch. Select Next.

4. Select Next.

5. Click Next. This warning is just to let you know that the switch doesn’t have any physical NICs associated with it, which is fine for our lab.

6. Name the virtual port group (I chose LAN) and set the VLAN ID to 4095. VLAN 4095 is the promiscuous VLAN, which trunks all VLANs to this port group. Click Next.

7. Select Next.

8. A new standard virtual switch has been created. You still need to configure the security settings of the switch following the process above.
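
The two procedures above can also be scripted with PowerCLI. This is an added example, not part of the original post; it goes one step further and audits every standard port group on the host so that promiscuous mode and VLAN 4095 stay confined to the two port groups meant for nested traffic. The host name is a placeholder, and an existing Connect-VIServer session is assumed.

```powershell
# Added example (not from the original post). Requires the VMware PowerCLI module
# and an existing session opened with Connect-VIServer.
$HostName = 'primary-host.lab.example'   # placeholder: your primary ESXi host
$Expected = @('VM Network', 'LAN')       # the only port groups that should be relaxed

$vmhost = Get-VMHost -Name $HostName

# vSwitch1: a standard switch with no physical uplinks (no -Nic argument given).
$vs1 = Get-VirtualSwitch -VMHost $vmhost -Standard -Name 'vSwitch1' -ErrorAction SilentlyContinue
if (-not $vs1) {
    $vs1 = New-VirtualSwitch -VMHost $vmhost -Name 'vSwitch1'
}

# LAN port group on vSwitch1 with VLAN ID 4095, as in the wizard steps.
$lan = Get-VirtualPortGroup -VirtualSwitch $vs1 -Name 'LAN' -ErrorAction SilentlyContinue
if (-not $lan) {
    $lan = New-VirtualPortGroup -VirtualSwitch $vs1 -Name 'LAN' -VLanId 4095
}

# Override the switch-level policy on the two port groups only, leaving the
# vSwitch defaults (and every other port group) untouched.
foreach ($name in $Expected) {
    Get-VirtualPortGroup -VMHost $vmhost -Standard -Name $name |
        Get-SecurityPolicy |
        Set-SecurityPolicy -AllowPromiscuous $true -ForgedTransmits $true |
        Out-Null
}

# Audit: report the effective policy of every standard port group and flag any
# port group outside $Expected that accepts promiscuous mode or trunks all VLANs.
# Forged transmits is reported for review only, because its default value
# differs between ESXi releases.
$report = foreach ($pg in Get-VirtualPortGroup -VMHost $vmhost -Standard) {
    $pol = $pg | Get-SecurityPolicy
    $relaxed = $pol.AllowPromiscuous -or ($pg.VLanId -eq 4095)
    [pscustomobject]@{
        VirtualSwitch   = $pg.VirtualSwitchName
        PortGroup       = $pg.Name
        VLanId          = $pg.VLanId
        Promiscuous     = $pol.AllowPromiscuous
        ForgedTransmits = $pol.ForgedTransmits
        MacChanges      = $pol.MacChanges
        Unexpected      = $relaxed -and ($Expected -notcontains $pg.Name)
    }
}

$report | Sort-Object VirtualSwitch, PortGroup | Format-Table -AutoSize
```

Any row with Unexpected set to True is a port group where every attached VM can see all traffic on that segment, so it is worth re-running the audit after later changes to the lab.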

We now have everything we need to install the virtual ESXi servers (post 8) and VSAN (post 9).

Nested Home Lab – Part 7 – Creating a Datacenter and Adding a host.

In today’s post we’ll look at adding your primary ESXi host (this is the host that holds your nested environment) to the vCenter server and configuring it.
Just before we add the primary host we’ll be needing a Datacenter.
1. Log in using an account that has permission to configure the environment.
2. Select Home and then Hosts and Clusters.
3. Right click on the VCSA we created and select New Datacenter.

4. Give it a logical name and click OK.

Now to add the primary host.
1. Right click the newly created Datacenter and select Add Host.
2. Add in the hostname or IP address of the primary host and select Next.
3. Enter the username (most likely root) and the password you use to administer this host. Click Next.
4. Check the host summary and click Next. Note that I already have some VMs created and they have shown up in the Virtual Machines pane.
5. Select a license key, if you have one installed. Click Next.
6. Leave lockdown mode disabled for now. In later posts we’ll be ssh’ing into the hosts to do a few things and have a poke around. It’s usually my preference to leave lockdown mode disabled unless I have a specific reason not to do so.
7. Select your Datacenter and click Next.
8. Review the host detail and select Finish.
OK, so now we’ve added the first host we’ll want to set up networking (next post) for our nested hosts. Just before we get into that, have a look at the MAC learning fling here and William Lam’s blog post about it here. I would recommend getting that installed.

Nested Home Lab – Part 6 – Adding your first user

Now we have a working PSC and a working VCSA, and the whole set-up enabled for domain authentication. Next we should add a user (you), and if you’re using ESXi as your hypervisor then in the next post we’ll add your ESXi host to the VCSA. Adding the host won’t be necessary if you’re using Workstation.

But first it is important to know that you don’t technically need a directory service, but most places will have one and usually it’ll be Microsoft’s Active Directory. That’s why I’m including it in these posts.

So before you begin the below make sure you have an Active Directory account created for yourself.

1. If you aren’t already logged in, browse to the vSphere client, accepting any security errors (https://vcsa.domain:9443/vsphere-client), and log in using administrator@your.vmwaredomain. In my case I left the SSO domain name as the default: administrator@vsphere.local



2. Select Home and then Hosts and Clusters


3. Select your VCSA server
3.1 Manage
3.2 Permissions
3.3 Then click the “+” icon.


4. Select Add


5. Select your Domain
5.1 Type in the name of the user account or group you want to search for.
5.2 Select the name
5.3 Select Add
5.4 Select OK


6. Once your user is added, assign a role and select OK.



You should now see your user or group added to your VCSA. Depending on your permissions you should now be able to log in and do various bits and pieces.



Permissions can be added to items below the VCSA, but it is important to note that permissions propagate down the tree. So adding a user to the cluster will give that user rights to the cluster and all objects controlled by the cluster (unless explicitly denied); however, this will not give you rights to the VCSA.

Nested Home Lab – Part 5 – Adding an Active Directory identity source to your PSC / VCSA

Since the aim in these posts is to make a simple lab environment that you can use to test various scenarios, we’ll also want to have domain authentication set-up. However the lab will still run without domain authentication and you can use local user accounts. I personally prefer to enable domain authentication.

Remember, DNS is a very important part of identity, so if you run into issues you might want to add that to your troubleshooting.

This part of the guide can be taken on its own but is based on a separate Platform Services Controller and vCenter Server Appliance.

1. Browse to the vSphere client, accepting any security errors (https://vcsa.domain:9443/vsphere-client), and log in using administrator@your.vmwaredomain. In my case I left the SSO domain name as the default: administrator@vsphere.local.


2. Browse to Administration, then System Configuration and select your PSC.



3.   Select Active Directory and click Join.


4. Enter the details for the domain and a user account that has permission to join computers to the domain. Note: The user account format has to be @. Click OK when done.



5.   Once this has completed (without any errors) reboot the PSC. Right click on the node and select Reboot.


6. Enter a reason for rebooting the node if you want (I prefer to do this. It’s a good habit to get into) and click OK. Rebooting the PSC will not mess up your VCSA session but will take about 5 mins or so.


7. Once it’s back, refresh the page. You might need to browse back to the System Configuration page. You should now see the domain field populated and the join button will be greyed out.


8.   Click on Administration to take you back a page.


9.   Click on Configuration, select the Identity Sources tab and click the “+” sign to add a new identity source.


10. On this popup you will be offered four choices.
10.1 Select Active Directory (Integrated Windows Authentication). Once you’ve selected that, the Domain name field should automatically populate. If it didn’t, then your PSC hasn’t joined the domain correctly.
10.2 Select Use Service Principal Name (SPN). STS/
10.3 Enter the Service Principal name using the @. This account should have permission to browse your domain.
10.4  And the Password for the above account.
10.5  Click OK


11. If all goes well then you should see a new entry in your identity sources.



And that’s it. You can now go and add your first domain user account to the permissions, which I’ll show you in the next post.

Nested Home Lab – Part 4 – VCSA

The VCSA 6 now offers feature parity with the Windows edition, including the long-awaited linked mode. In fact, when you look at the vSphere 6.0 configuration maximums doc it doesn’t have a separate section for the Windows deployment and the appliance deployment.
Now in your environment you need to make a decision: Windows based or appliance based. For me, personally, I’ve long been a fan of the appliance. It’s easy to deploy and doesn’t require a Windows license, not that I’m against Windows at all.
For a small lab it’s quite a beefy install, even at the tiny deployment: 8GB RAM and 2 CPUs, and the HDD requirements can be anything from 30GB to 120GB depending on whether you are using the embedded controller or not. http://kb.vmware.com/kb/2106572
But given all of that we will cheat a bit with the memory requirements. After deployment, drop it down to 4GB. Please note that this is not supported.

As in the previous post, if you haven’t done so already, you need to install the Client Integration Plugin, which can be found in the ISO at vcsa\VMware-ClientIntegrationPlugin-6.0.0.exe.


Firstly, unpack the ISO to your local drive, C:/temp for example.

1. Double click on vcsa-setup.html. (found in the unpacked ISO).

2. Your browser might ask for confirmation before starting the Client Integration Plugin. Accept the caution.

3. Select Install.

4. Select “I accept the terms of the License Agreement”. Click Next.

5. Enter the IP address, username (usually root) and the password of the ESXi server you are deploying the PSC to. Click Next.

6. Accept the certificate warning by clicking Yes.

7. Enter the name of the VCSA and give it a password. Click Next.

8. On this screen you have three choices. For our lab we’ll select “Install vCenter Server (Requires external Platform Services Controller)”. Click Next.

9. Now here we’ll want to enter the details of the PSC we deployed previously, entering the PSC name and the SSO password. It’s usually best to leave the SSO port at 443. Click Next.

10. Leave the appliance size at tiny. Click Next.

11. Select the datastore you want to deploy into and select “Enable Thin Disk Mode”. Click Next.

12. Select “Use an embedded database (vPostgres)”. Click Next.

13. Carefully enter the networking details and tick “Enable ssh”. Click Next.

14. Check all your config details. Click Finish.

If all your network settings were correct, the install will go off and work its magic. 
Next post: we’ll go through joining the whole lot to your domain.

Nested Home Lab – Part 3 – PSC

So back again.

In this post we’ll look at installing the Platform Services Controller (PSC).

Forgetting about ESX for a minute, this new iteration of vSphere is, in my opinion, a huge leap forward for administrators. It feels like the virtual appliance architecture has finally come of age. The split of duties makes a great deal of sense. The PSC is responsible for Single Sign On (SSO), Licensing, and as a Certificate Authority, while the VCSA hosts the inventory service, the web client and others.

So why on different appliances for this lab? Well, going forward, in future blog posts, we’ll look at connecting a second VCSA to the PSC.

This first VCSA and PSC will lay the foundation for this and future labs.

OK onward.

To install the VCSA and/or PSC you will need to install the VMware Client Integration Plugin. It can be found in the ISO at vcsa\VMware-ClientIntegrationPlugin-6.0.0.exe. To be honest I’m still not 100% sure why this is needed. I’ve seen similar functionality using HTML5.

This part of the installer does assume that you have a DC up and running. If you don’t you should get one setup before continuing as we will need it later, if you choose to follow that part of the guide.

Once that’s done we can fire up the installer and get the PSC installed.

Firstly, unpack the ISO to your local drive, C:/temp for example.


1. Double click on vcsa-setup.html. (found in the unpacked ISO).


2. Your browser might ask for confirmation before starting the Client Integration Plugin. Accept the caution.
3. Select Install.
4. Select “I accept the terms of the License Agreement”. Click Next.
5. Enter the IP address, username (usually root) and the password of the ESXi server you are deploying the PSC to. Click Next.
6. Enter the name of the PSC and give it a password. Click Next.
7. On this screen you have three choices. For our lab we’ll select “Install Platform Services Controller”. Click Next.
8. Select Create a new SSO Domain. Select a password for the SSO domain. This is different from the appliance root password, which is for the OS. If you don’t write down your lab passwords, choose something easy to remember. We’ll need this password later. Enter the SSO Domain name as vsphere.local and the site name as -site-1. Click Next.
9. Appliance size… Well nothing to choose here… Click Next. 
10. Select the datastore you want to deploy the PSC onto. The SATA drive should be fine for this as it’s a relatively small appliance. 

11. Networking is King here and you’ll need to be vigilant going through this. For the time sync select “Synchronize appliance with ESXi host” and tick “Enable ssh”.  Click Next.

12. Check and check and check your settings. Once you are happy, Click Finish.
13. The installer will now go off and setup the PSC on your ESXi server.
That’s the first bit done. Next post is the VCSA installation. 
EDIT: This is quite a good read for those who would like more info on the PSC: VMware Platform Services Controller 6.0 FAQs


Nested Home Lab – Part 2 – Networking

Networking


While we can run all our services over one network segment, for this lab we really want three VLANs.
Networking setup will differ slightly for ESXi and Workstation but both will use the three VLANs.
Use                 | Example IP Range | Note
VM and Management   | 192.168.0.0      | Best to use your existing home network.
VSAN (vlan 30)      | 192.168.100.0    | Internal Only
vMotion (vlan 40)   | 192.168.110.0    | Internal Only

It is considered best practice to separate out various types of network traffic. Usually you would separate out your VM traffic from your management but for this lab we will keep them together. We will separate out vMotion and VSAN traffic though.

ESXi: When I’m designing a vSphere environment with rack mount servers in mind I usually separate management traffic out into a separate standard virtual switch (2 x 1g ports) and all other traffic is sent to 2 x 10g ports through a distributed virtual switch using vlans to separate the traffic further and NIOC to control bandwidth.

All righty then, what’s this going to look like for us?

In Workstation:

 
In ESXi:

So far, so good. For Workstation nothing else needs to be done.

As you can see from the ESXi image above I haven’t specified a physical adapter for vSwitch1. With ESXi, if network traffic is on the same VLAN and on the same virtual switch, it won’t go to the physical switch. The virtual switch, an in-memory construct, will just pass the traffic along; however, if you need to cross VLANs, the traffic will need to be passed to the physical switch for routing across VLANs. In this case, it’s very handy as we won’t want traffic to pass between the VSAN port group and the vMotion port group. EDIT: What we want to do is set up the LAN port group with VLAN 4095. This will enable ESXi to pass the VLAN traffic about correctly.

Now in ESXi we need to make two changes to the vMotion and VSAN port groups: enable Promiscuous Mode and Forged Transmits.

William Lam of Virtually Ghetto has a great write up here discussing the reasons for this.

So those are the networking eccentricities. Next we’ll look at getting our first VCSA with a dedicated Platform Services Controller up and running.

Just a note: I had hoped to post this sooner but family and holiday commitments took over.

Nested Home Lab – Part 1 – The Plan

Now before we charge headlong into this lab you need to go and check out the work that Alastair Cooke and Nick Marshall have done with AutoLab over at http://www.labguides.com/. It’s a really good project and it automates much of what we will do through the next few posts manually.

For this first lab we are going to start with the basics: a three node cluster that will support vMotion, a couple of VMs and VSAN for storage.

Let’s also see if we can apply best practice where possible. This lab will give you a good environment to familiarise yourself with VMware.

You can just as easily build this lab using VMware Workstation; in fact it’s where I first set it up. I still think Workstation is one of the best products that VMware make.

To get started we’ll need a few things:
  1. Computer with at least 16GB of RAM. This will either run ESXi natively (preferred) or Windows/Linux with VMware Workstation.
  2. Windows Server install media.
  3. VMware vSphere ESXi
  4. VMware vCenter Server Appliance
  5. Ubuntu ISO or Tiny Core Linux.
  6. A Plan
While you have the above software downloading let’s look at the plan.

What we want to do is think about this environment as having three layers, which I’ll keep referring back to. 

Layer 1 – The physical kit. Here we will be running an OS/hypervisor on our physical “server”. Whether this is ESXi or VMware Workstation is, at this stage, immaterial.

Layer 2 – This will be our first virtual layer and where our three ESXi servers, the vCenter Server Appliance (VCSA) and our Domain Controller will live.

Layer 3 – This will be our “nested” layer. Here we will run between one and three VMs. These VMs won’t really do anything except run an OS. I have historically run Linux in this layer as it seems to perform OK. I have listed two Linux distributions that I know run well as nested VMs. But, really, you could run any OS if you have the mind to.


As we go through the setup I’ll try to cover both the Workstation and ESXi configs but, as you would expect, this will work much better with ESXi and that’s where I’ll concentrate most.



Next post we’ll look at the networking required for your nested lab.

VMworld Session Review – VAPP2305

Session: Extreme Performance Series – Understanding Applications that Require Extra TLC

Speakers: Vishnu Mohan (VMware), Reza Taheri (VMware).



This session was one of a series covering Extreme Performance.

If you are a virtualization engineer then this should be a session you catch up with, and I am an engineer to my core. Of the three VMworlds I have attended this was by far the most enjoyable and interesting session I have attended.

This session really looks at edge cases where virtualization technologies would be the cause of performance issues.

Things like standards are not really discussed but assumed, insomuch as this talk doesn’t cover rookie mistakes and assumes for all scenarios that all best practices are currently being met and the latest VMware stack is being used.

Extreme I/O, latency and timers are covered, dissected and demystified. Both Vishnu and Reza were brutally honest and completely unapologetic about the limitations of virtualization. The issues that were encountered affecting virtualization would affect all platforms and not just VMware’s.

The speakers do make it very clear that for 99% of workloads/applications the default settings will serve you just fine and they are completely right. When was the last time you needed to “tune” a VM, not the application but the VM?

Also questions are posed along the lines of “You want to use SR-IOV? What for?” A VM can push 1 million packets. Perhaps if you needed extremely low latency and virtualization together. But maybe you would be better off going physical in that case.

For me the big takeaway from this session is know your workloads. Question and analyse.





White Paper Wednesday.

I’ve just finished reading NetApp’s white paper WP-7193, FAS Hardware: Optimized for I/O Expandability, and Reliability.

First off I would say that this is not a paper that is heavy on the technical details. It’s more of a “this is what we do and how we do it” paper. At times it does read like a marketing paper but overall it’s a paper that would be good for somebody to read who is new to NetApp and would like to find out a bit more about the technology.

The focus is on their FAS series, which is where I would expect most people’s first contact with NetApp would be, and it covers a fair amount of topics from Storage I/O Data paths to on-disk error correction.

One of the topics it touches on is the attitude that a storage system (NetApp, EMC, 3PAR, etc) is really just a fancy server with disks attached. While the argument can be made, it usually indicates a lack of understanding of how a dedicated storage appliance really works. Yes, it has an Intel CPU and Toshiba RAM and Hitachi disks, but it is highly optimised to perform two functions: Serve Data, Protect Data. Both ways it is an interesting argument. How much is hardware and how much is software? With the availability of very well featured software storage OS’s such as FreeNAS the waters get muddied further.

I used FreeNAS extensively when studying for the VCAP-DCA exam; it worked and worked well. However the question is, can it compare? For certain uses, sure, it’s a viable alternative, cost effective and easy to manage. Could it go head-to-head with a FAS2240? Even though I doubt it, it’s something I am curious to test.