In Part 2 of the E-Learning video, we review how to create a blueprint from a template in vCloud Automation Center and entitle the end user. In order to automate the provisioning of the a virtual machine, we will create and configure the blueprint, publish the blueprint and add it to the service catalog and then entitle the catalog item to the appropriate user. After the machine is entitle and published to the catalogue, we will review the end user experience to provision the workload.
I recently worked with Ash D'Costa from Mainland Information Systems to produce two E-Learning videos covering the concepts in the Hands on Lab Use Case that we developed for VMworld 2014. The Hands On Lab is SDC-1406 - vCloud Suite 101 - The first steps in the journey to a Software Defined Enterprise.
In the first video, we covered the Capacity modelling using vCenter Operations Manager's 'What - If Scenarios' to validate if the Cluster that we will eventually use will have enough capacity to provision future workloads using vCloud Automation Center.
After getting ESXi installed on the Mac Minis and the vSphere vCenter Appliance deployed, my next step was to integrate my labs Active Directory with Single Sign On. Based on the documentation provided on the vSphere 5.5 Documentation Center, the AD integration was a pretty simple procedure and relies on a handful of fundamental components to complete.
- Domain Membership
- SSO Service Account
- Identity Source
- Groups and Permissions
The vSphere vCenter Server must be added to the Active Directory domain if vSphere SSO Active Directory integration is going to configured. If your vCenter is a Windows Server, it is a pretty standardized practice and a generally accepted prerequisite.
My lab is using the vCenter Server Appliance, so joining the domain is pretty simple.
- Connect to the vCenter Server Appliance Administration page located at https://[VCENTER_SERVER]:5480/ and login as root.
- Navigate to the Authentication tab under the vCenter Server configuration
- Fill out the domain name with the proper credentials with the proper permissions that will allow the computer account for the VCSA to be created in AD
- Save Settings but don't reboot the Appliance until the Identity Source has been set and the proper roles and permissions are configured.
SSO Service Account:
One of the requirements (if you are not using a machine account) for vSphere SSO Active Directory integration is to have a Service Principal Name (SPN) in Active Directory. To set the SPN, connect to the Domain Controller and create the Service Account for this purpose:
The SSO Service Account should be a dedicated account with the proper password expiry settings attributed to it.
Once the Service Account is created, open a command prompt as administrator on the Domain Controller and run the following command as depicted below:
setspn -S sts/[DOMAIN] [SERVICEACCOUNTNAME]
Ensure that the last line of the command returns with 'Updated object' before moving on to the next step.
Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication.
To set the identity source, ensure that the domain membership and SSOServiceAccount SPN settings are completed, then:
Login to the Web Client (https://[VCENTER}:9443/vsphere-client/) and connect to the vCenter Server using the email@example.com account. The password for the account from freshly deployed VCSA will be 'vmware'. Do not use & not “admin@system-domain” like you did in vCenter 5.1 SSO.
Navigate to Home > Administration > Single Sign-On > Configuration page
Use the + sign to add your domain as a new identity source. Select 'Active Directory (integrated Windows Authentication)' and complete the following fields as depicted below:
Domain name, Service Principle Name (SPN), User Principle Name (UPN) and the password that you set with your created the account in Users and Computers.
If all the fields are no longer outlined in red, you have completed the them successfully and can select OK. If the settings are correct the progress bar should complete in about 30-60 seconds and there will be an additional Identity Source listed in your configuration.
Once the Active Directory domain is added as an identity source for authentication, the proper group memberships and permissions must be setup in order to see the existing vCenter inventory components.
Groups and Permissions
Staying logged in with the firstname.lastname@example.org account; navigate to the 'Users and Groups' configuration section on the left hand side, select the Groups Tab in the middle and highlight the Administrators Group as in the picture below. Near the bottom of the page click the 'Add Member' button.
When the 'Add Principals' wizard pops up:
- User the domain drop-down list to select the Active Directory Domain.
- Select and highlight the Group or User account that will be used to access and administer the vCenter Server. I would recommend using a group membership.
- Use the Add button to populate the Users: or Groups: field below
- Select OK to make the changes.
Now that the Groups (or Users) are added into the correct group memberships (that correspond to the correct roles), the permissions to the vCenter must be applied.
Navigate to Home > vCenter > vCenters and highlight the VCSA instance name on the right hand side of the screen. Select the Manage tab > then select the Permissions tab and use the + [Add permission] button to add the same User or Group in the above example.
Using the Select Users/Groups wizard:
- User the domain drop-down list to select the Active Directory Domain.
- Select and highlight the Group or User account that will require permissions to administer the vCenter Server.
- Use the Add button to populate the Users: or Groups: field below
- Select OK to make the changes.
After about 30 seconds, the additional line(s) will show up with having the proper permissions to the vCenter inventory and components. This is the same functionality as setting roles and permissions in the traditional C# client.
Before testing out the access and permissions, remember to reboot the vCenter Server Appliance and allow the domain membership changes to take place.
After the appliance comes back up and the Web Services have started again, login to the Web Client interface and validate that the authentication and permissions are correct and functional.
An easy way to tell is the inventory and permissions are correct is to validate on the vCenter Home whether the existing vCenters, Hosts and VMs are showing up on the left hand side within the inventory as in the example below.
If you are running Windows, make sure to download and install the Client Integration Plug-in to enable the ability to use your currently logged in Active Directory credentials.
Next up: Storage and Networking design...
Installing vSphere on my new Mac Minis was my first jump into running vSphere on Apple hardware. After doing my homework and some google-fu was able to stand up the 3 hosts in a little under an hour. Below is what I needed to get completed to be successful.
Although there are a couple different ways of getting vSphere installed on the hosts I elected to go with using a USB Boot Image to install onto the 8 Gb Cruzer Fit Usb Flash Drives using William Lam's custom ISO.
After getting the hosts up and running and allowing the memory to burn in, I had to ensure that the Thunderbolt drivers where installed so that I could start creating my portgroups and vDS configs.
I grabbed a copy of William Lam's vghetto vib (vghetto-apple-thunderbolder-ethernet.vib) and uploaded it to the local datastore of each of the freshly built hosts. After enabling remote admin in the security profiles, I connected to each host and ran the following command:
esxcli software vib install -v /vmfs/volumes/[DATASTORE]/vghetto-apple-thunderbolder-ethernet.vib -f
After each of the operations completed successfully, I rebooted the host and verified that the pNIC was showing in the Web Client under Host > Manage > Networking > Physical Adapters (below)
Once my Synology SAN arrives in the next week, I can get started on some more of the fun stuff (vDS and Storage configuration).
Next up: vSphere 5.5 SSO Integration with Active Directory
I have finally started on my home lab build. It was time to bite the bullet even though I have some great internal resources to VMware including the same infrastructure that our VMworld HOL runs on (OneCloud). This lab build will allow me to get back into the weeds with technical details and help me specialize on Cloud Management tools. The end state will be a full end-to-end integrated demo of the vCloud Suite 5.5; including vCenter Operations, Log Insight, vCO, vCloud Director, vCloud Automation Center & Application Director with a little Horizon Suite for flavor.
After seeing (and not hearing) Mark's lab in his office, it was clear that I needed a whisper quiet setup. After hearing a lot about the Mac Mini ESXi build in the wild from guys like William Lam and Dave Savercool, I decided to follow suit with my own twist. Special thanks to Rad for suggesting going with the following:
- 3x Refurbished Mac mini 2.5GHz dual-core Intel Core i5 (2012)
- 3x Thunderbolt to Gigabit Ethernet Adapter
- 3x Patriot Memory Mac Series 16GB (2 x 8GB) DDR3 1333 (PC3 10600) Memory
- 3x Cruzer Fit USB Flash Drive (8 GB)
- Synology DS1512+ Diskless System High Performance NAS
- 3x Seagate Barracuda 3TB 7200 RPM 64MB Cache SATA 6.0Gb/s 3.5" Drives
- 1x Cisco SG200-26
Next up: Detailed Solution Design, assembly, and vSphere 5.5 installs. To be continued.
VMware vCloud Connector received an update today with it's 2.5 release. This update comes shortly after the introduction of VMware's Hybird Cloud Service (vHCS).vCloud Connector Core is available to all current vSphere and vCloud Director customers as a free download. To get support for the Core edition of vCloud Connector, you must have an active support contract for vSphere or vCloud Director.
vCloud Connector Advanced includes the Data center Extension and Content Sync features, is available as a part of the vCloud Suites and the VMware vCloud Hybrid Service.
One of the new features in vCloud Connector 2.5 includes the ability to perform bulk offline workload migration to VMware vHCS. Offline Data Transfer (ODT) can be requested as a service from MyVMware with VMware provided NAS with up to 12TB of space per device.
There has also been improvements with in transfer performance using path optimization and the UDT protocol. The previous version the transfer from the vCC Nodes used a sequential method that exported the VM to source node as VMDK & OVF, then transferred the VMDK & OVF to destination node and finally imported the VMDK & OVF from destination node into the destination Cloud. Using Path Optimization the export / transfer / import process all run in parallel to fully utilize the full bandwidth of the connection.
vCloud Connector Advanced Edition includes the ability to extend your data-center in to a public cloud by creating a Layer 2 extension over a SSL VPN tunnel. Data Center Extension (DCE) give you the ability to move workloads from the data center to the secondary data-center or public cloud while
retaining its network settings, including MAC & IP addresses. Avoiding these networking changes for applications and servers within your infrastructure speeds up the ability to migrate workloads in (and out) of a publicly provided service or secondary data-center. Keep in mind that this is transfer that requires the workload(s) to be powered off during the migration.
The content synching ability allows you to publish a vCloud catalog or vSphere folder and then
subscribe to it from one or multiple vSphere folders or vCloud catalogs. When changes are made to the folder or catalog on either end, the changes are synchronized to it's partner. This functionality enables the you to provision new workloads to either data-center depending on your preference or the requirements of the application without worrying about if a template or catalog item is up to date or the latest version.
The vCloud Connector FAQ provides answers to many common questions around this release.
VMware has released an update to it's widely adopted management stack. vCenter Operations Manager Suite 5.7.1 includes some long awaiting updates and a new product into the family that ties in another layer of integrated management for the entire landscape of existing infrastructure. Here are some of the highlights of new features and functionality of the complete solution.
VMware vCenter Log Insight:
Releasing in to an open beta as of today, vCenter Log Insight opens up the door for quicker troubleshooting with integration into vCenter Operations Manager as a core product. From the vCenter Operations dashboards, there is In-context application launch capabilities which are pluggable for suite & third-party products. This give an administrator the ability to view log analytics events notifications with relevant resource context. In turn this significantly reduces the time to resolve issues and get back to work.
For more about vCenter Log Insight, see my featured post here.
vCenter Operations Manager as a core product has also introduced some new features in addition to the new member of the family above. There new dashboards targeted at troubleshooting, specific virtual machines, hosts & clusters as well as newer heatmaps & alerts views.
One of the new dashboards include pre-built dashboards for vSphere utilization and performance indicators based on VMware best practices including the 10 most requested dashboards from customers and field that shows KPIs for a vSphere environment.
Troubleshooting dashboard example:
There are also new canned dashboards from a VM perspective showing key metrics including a Top 25 lists to identify the top VM resource consumers at-a-glanc.
Virtual Machine specific / Host and Cluster example:
Updated heatmaps display metrics for CPU, Disk, Memory & Network for easy comparison.
Fresher looking alerts dashboard provides additional troubleshooting information at a glance including operation centric alert views - Datacenter workload, Relationshi based view and Filtering capability.
Another key update to the vCenter Operations Manager core functionality is added reporting abilities. These reports give administrators and operations groups the ability to provide easy to understand reporting to the application owners and lines of business within the organization. You can easily assess performance impact to clusters/datastores from increased VMs/demand over last week as well as identify which clusters, datastores, VMs had performance problems last week.
Balance profiles are also something of specific interest to me and a welcomed new feature that enable the delivery of scalable functionality and metrics without compromise to vCenter Operations functionality. The Balanced profile will be default profile for fresh vCenter Operations install. For upgrades, the previously selected profile will be not be change.
For more information about the updated vCenter Operations Suite head to the product page on vmware's website.
VMware has released it latest application included in the latest update to the vCenter Operations Suite; VMware vCenter Log Insight. Below is the breakdown and high level points that you should know about this new product and how it rolls into the Management Suite of products.
Approach to Log Management: Leverage existing suite:
Extending on the patented analytics engine from vCenter Operations and using it to get dynamic thresholds and analysis from any log files within your infrastructure. Log Insight extends analytics to logs, giving real-time actionable operational intelligence
Ensure that it is easy to use and accessible:
Today, existing solutions are either highly specialized, or too expensive. Log Insight has an intuitive, easy-to-use interface; and a predictable pricing model with unlimited amount of log data, making it accessible to all.
Integration into the vSphere Infrastructure:
Log Insight comes with built-in knowledge and native support for vSphere. Integration with vCenter Operations maximizes ROI and value, providing a complete cloud operations management solution
When would Log Insight come in handy for Operations or Administrators in a Virtual Infrastructure Environment?
Troubleshooting and Root Cause Analysis:
- I observed a problem (e.g. slowness), try to troubleshoot the problem and identify the part of the stack that is responsible (e.g. network delay vs storage)
- Follow the trail from vCenter Operations to logs to get to root cause to an observed problem
Monitoring Using Logs:
- Monitor metrics and events (performance & change) that are visible only in logs
- Collect all the data in one place without the need for custom parsing, transformation of data.
One of the greatest things I found about the Log Insight is the direct integration in vSphere Web Client and vCenter Operation Manager to keep in tune with the tight integration in the Cloud Management Suite of tools.
With the vSphere Content Pack you can collect and visualize all of the data from your vSphere vCenter and ESXi hosts:
vSphere content pack has been created based on PSO and GSS knowledgebase to
provide the most authoritative knowledge about vSphere log management,
troubleshooting and monitoring. You get pre-configured dashboards on best practices the VMware experts and the community.
Included in the Advance and Enterprise version of vCenter Operations Manager you can now natively open Log Insight from the Operation Manager Dashboard:
If you want to try it out, as of today (June 11th) there is an open beta. Head on over, check it out and see how it stacks up to competitors like Splunk, Solarwinds and SumoLogic.
vCloud Automation Center was acquired by VMware in 2012 when it was known as DynamicOps as part of it’s strategy to complete the Software Defined-Datacenter Vision. VMware recognizes that customers will have heterogeneous pools of infrastructure. vCloud Automation Center helps deliver on our commitment to customer choice by enabling customers to manage across all platforms. vCloud Automation Center enables you to rapidly deploy and provision business-relevant cloud services across private and public clouds, physical infrastructure, hypervisors, and public cloud providers.
Let's break down some of the key benefits derived from vCloud Auto Center:
• Complete lifecycle management of cloud service
• Quickly build cloud services
• Map existing business processes to cloud service
• Leverage existing investment in infrastructure tools
Software Defined-Datacenter Strategy:
• Moving from Templates to Blueprints
• Leading the evolution of IAAS
• Virtualization -> Self-Service -> Intelligent & self-aware
• Wrap the data center in a secure API
Enterprise Hybrid Cloud Initiatives:
• Unify and simplify the user experience Govern & Control access to public cloud resources
• Integrating public resources into the enterprise ecosystem
• Support legitimate use cases for public cloud
How does vCloud Automation Center enable these key initiatives within the enterprise? Let’s highlight some of the most valuable capabilities of the product:
Self Service Experience: Intuitive, consumerized and customizable Cloud management portal. vCloud Automation Center provide an intuitive and personalized self-service experience for cloud consumers. The appearance and behavior of the front end can be branded and configured to match your organizations needs. Additionally, vCloud Automation Center provides a dynamic cloud interface for the administrator and the consumer. This interface provides a secure, Web enabled API for programmatic access to cloud data and services. Furthermore, we can dynamically generate this secure RESTful API for third party tools and homegrown systems to create a unified and secure interface across the datacenter.
Complete Lifecycle Management: More than just self-service provisioning, self service management. We provide self service for the full lifecycle, which included request, provisioning, ongoing management (reprovision, snapshot, reconfig, archive, reclamation, and archive) through decommissioning.
User/Organizational Governance: Provides specific and unique business context for each user’s request. vCloud Automation Center delivers services that meet the unique needs of each user within and organization.
Multi-vendor Orchestration: Coordinates multiple vendor’s technologies enabling best of breed solution leveraging existing tools. We can automate a variety of provisioning mechanisms across multiple hardware and platform types. vCAC also supports native integration to third party tools such as SCCM, BladeLogic and HP Opsware.
Automated Service Delivery: Built-in automation provisions virtual, physical and cloud. Now the next level of Extensibility is aimed at our most advanced customers who want to leverage our platform – but allow their in-house developers who have .NET or Windows Workflow experience to quickly deliver completely new use cases outside of Cloud life cycle management. They are able to deliver these new services on top of our unique architecture. Application Director integration is an interesting add into this mix.
Cloud Service Costing: Cost allocation and charge/show-back across infrastructure, storage, business unit. vCAC allows your organization to chargeback/show back for its cloud services by measuring each business unit or consumer's infrastructure, software, and storage costs. vCAC provides a variety of out of the box reports as well as an accessible data model for 3rd party reporting or billing systems.
Intelligent Resource Management: Discovers and manages existing environment and provides resource efficiency across entire resource lifecycle. The features here enable you to discover and organize your infrastructure fabric into tiers and allocate resources to multiple consumers. This enables intelligent policy-driven placement and full visibly into fabric consumption.
Visual Workflow Designer: Admin level ability to graphically adapt processes to environment. So along with the OOB capabilities our suite ships with a visual workflow design utility called vCloud Automation Center Designer. This provides a non-developer the ability to easily extend our functionality to adapt to your specific processes and tools.
All of these capabilities work across your internal physical & virtual infrastructures – as well as public cloud resources…today we have Amazon out of the box, however we have done integrations with Saavis and others and will continue to productize these as customer demand dictates.
vSphere vCenter 5.1 Update 1 was released on April 25th with a new features, resolved issues as well a list of known issues. I am using the vCenter Server Appliance in my lab at home and decided to upgrade this morning to see what the experience was like incase some of my customers asked about it. I was pleasantly surprised on how simple it was. Here is a break down on how it went.
First I logged into the vCenter appliance with https://<fqdn or IP Address>:5480/ and selected the Update tab, then selected the Check Updates button to get the following resulting screen:
To start the Select Install Updates button to initiate the upgrade and confirm the prompt.
After the process begins the progress begins to download the bits in the backend while showing the following message:
Time for a coffee, check and reply to some emails....took about 20 minutes.
When the upgrade completed, I was presented with a message for a 'reboot to complete the upgrade' message.
I was rather impressed with the simplicity and speed of the upgrade. Next up, vSphere ESXi 5.1 Update 1.