Archive for November, 2011

vSphere 5 Clustering Technical Deepdive Sale

November 26th, 2011

I assume you follow Duncan and Frank and read their blogs, but in case you don’t, check out this Crazy Black Friday / Cyber Monday deal!  Between now and Monday 11:59pm PST, prices are slashed on Frank and Duncan’s ebook vSphere 5 Clustering Technical Deepdive.

The sale pricing is as follows:

US – ebook – $ 4.99

UK – ebook – £ 3.99

DE – ebook – € 3.99

FR – ebook – € 3.99

If you’re serious about vSphere 5, you need this book in your technical library.  Even if you’re already a seasoned vSphere expert, there are some major changes in the features which Duncan and Frank deepdive on.  Tis the season for giving so if you already have a copy for yourself, take advantage of these prices to pick up another copy for your favorite co-worker, employee, manager, spouse, or child.  Now is as good a time as any to get the young ones started on VMware virtualization.

Cloning VMs, Guest Customization, & vDS Ephemeral Port Binding

November 25th, 2011

I spent a lot of time in the lab over the past few days.  I had quite a bit of success but I did run into one issue in which the story does not have a very happy ending.

The majority of my work involved networking in which I decommissioned all legacy vSwitches in the vSphere 5 cluster and converted all remaining VMkernel port groups to the existing vNetwork Distributed Switch (vDS) where I was already running the majority of the VMs on Static binding port groups.  In the process, some critical infrastructure VMs were also moved to the vDS including the vCenter, SQL, and Active Directory domain controller servers.  Because of this, I elected to implement Ephemeral – no binding for the port binding configuration of the VM port group which all VMs were connected to, including some powered off VMs I used for cloning to new virtual machines.  This decision was made in case there was a complete outage in the lab.  Static binding presents issues where in some circumstances, VMs can’t power on when the vCenter Server (Control Plane of the vDS) is down or unavailable.  Configuring the port group for Ephemeral – no binding works around this issue by allowing VMs to power on and claim their vDS ports when the vCenter Server is down.  There’s a good blog article on this subject by Eric Gray which you can find here.

Everything was working well with the new networking configuration until the following day when I tried deploying new virtual machines by cloning powered off VMs which were bound to the Ephemeral port group.  After the cloning process completed, the VM powered on for the first time and Guest Customization was then supposed to run.  This is where the problems came up.  The VMs would essentially hang just after guest customization was invoked by the vCenter Server.  While watching the remote console of the VM, it was evident that Guest Customization wasn’t starting.  At this point, the VM can’t be powered off – an error is displayed:

Cannot power Off vm_name on host_name in datacenter_name: The attempted operation cannot be performed in the current state (Powered on).

DRS also starts producing occasional errors on the host:

Unable to apply DRS resource settings on host host_name in datacenter_name. The operation is not allowed in the current state.. This can significantly reduce the effectiveness of DRS.

VMware KB 1004667 speaks to a similar circumstance where a blocking task on a VM (in this case a VMware Tools installation) prevents any other changes to it.  This speaks to why the VM can’t be powered off until the VMware Tools installation or Guest Customization process either ends or times out.

Finally, the following error in the cluster Events is what put me on to the suspicion of Ephemeral binding as the source of the issues:

Error message on vm_name on host_name in datacenter_name: Failed to connect virtual device Ethernet0.

Error Stack:

Failed to connect virtual device Ethernet0.

Unable to get networkName or devName for ethernet0

Unable to get dvs.portId for ethernet0

I searched the entire vSphere 5 document library for issues or limitations related to the use of Ephemeral – no binding but came up empty.  This reinforced my assumption that Ephemeral binding across the board for all VMs was a supported configuration.  Perhaps it is for running virtual machines but in my case it fails when used in conjunction with cloning and guest customization.  In the interim, I’ve moved off Ephemeral binding back to Static binding.  Cloning problem solved.

Enabling VMware View PCoIP Copy/Paste

November 22nd, 2011

Last month, I started the thread VMware View 5.0 copy/paste operations problem on the VMware Community forums looking for some expertise on a problem I ran into with View 5.0 and PCoIP. I could use the copy/paste function successfully going from my desktop PC to the VDI session. However, the problem was that I could not copy/paste in the opposite direction from the VDI session to my desktop PC. I tried the following entries in the .vmx file of the VDI session:

isolation.tools.copy.disable = false

isolation.tools.paste.disable = false

Update 8/18/15: VMware KB describing VM and host level configuration Clipboard Copy and Paste does not work in vSphere Client 4.1 and later (1026437)

The added configurations above didn’t resolve the issue in any way so I removed them. As the forum thread progressed, some individuals recommended using the VMware View provided GPO templates. Taking a look in the directory c:\Program Files\VMware\VMware View\Server\extras\GroupPolicyFiles\ on the View Connection Server, I found several Active Directory Group Policy templates.SnagIt Capture

The required policy can be found in the pcoip.adm template. It’s called Configure clipboard redirection (note that for this to work, virtual channels must not be disabled. You can read more about View PCoIP General Session Variables here). I configured the policy for Enabled in both directions and applied the computer portion of the policy to the OU where the VDI session computer account object lives (I disabled the user portion of the GPO).

After forcing GPO updates on the VDI session and reconnecting a few times, copy/paste still didn’t work from the VDI session to my desktop PC. It wasn’t until after a reboot of the VDI session that the policy took effect and copy/paste worked bidirectionally.

Special thanks goes out to the community members who helped me get this sorted: wponder, srodenburg, SrinivasM, cmarkus, and Linjo. You and all of the others who make up the VMTN Community are an asset to VMware and to those seeking assistance.

Link Layer Discovery Protocol (LLDP)

November 17th, 2011

Several months ago I co-wrote a piece titled Cisco Discovery Protocol (CDP) Tag Team.  The article talks about CDP, walks through some working examples, and provides a view of what information the protocol advertises.  CDP is a great tool but it’s proprietary to Cisco network gear.  In the past, if you were using non-Cisco switches, you couldn’t leverage CDP in either direction (listen or advertise).

Today is the first look at a new vSphere 5 networking feature which is Link Layer Discovery Protocol – essentially CDP for every other switch vendor which supports this IEEE 802.1AB open standard.

Take a look at the images below which show a side by side comparison of LLDP and CDP from the vSphere Client perspective:

Snagit Capture  Snagit Capture

As you can see, there’s a lot of parity between the two protocols.  Each provides some very helpful information from the upstream physical network perspective.  Namely the identification of the switch and the port number.  From what I’ve seen so far, LLDP is a completely viable alternative to CDP.

In case you’re wondering where to configure LLDP or CDP on a vNetwork Distributed Switch, it’s an advanced setting of the vDS itself:

Snagit Capture

Linked-clone lifecycle in VMware View 4.5 and later

November 16th, 2011

Remote connectivity to the lab is key when I’m on the go – a situation I find myself in more frequently.  In years past, the remote solution was hardware/software VPN endpoints, and then Citrix Presentation Server. Given my involvement with VMware, for the past year plus I’ve been a full fledged, trial by fire, eat my own evangelist food, View hobbyist.  What’s not to like about it?  It’s VMware based.  It’s secure.  It supports multiple connectivity protocols.  And it works absolutely great with my iPad (well, I’m talking about the remote desktop connectivity via PCoIP, not so much the Adobe Flex admin console for the View Connection Server).

One HUGE feature that View has touted since version 3.0 is Linked Clones which carry with it the positive attributes of space efficiency and fast provisioning.  Linked Clones are where some of the more advanced features and capabilities start to appear, such as View Composer.

VMware KB Article 1021506 has some great information in it surrounding linked clones, View Composer, Active Directory machine account passwords, and some of the common operational processes tied to it such as guest provisioning and customization, Refresh, Recompose, and Rebalance.  I find it to be a great reference.

A few excerpts on the operational pieces along with my notes:

Active Directory machine account passwords

While a linked clone is powered on and the View Composer Agent is running, the View Composer Agent tracks any changes made to the machine account password. In many Active Directory environments, the machine account password is changed periodically. If the View Composer Agent detects a password change, it updates the machine account password on the internal disk that was created with the linked clone. During a refresh operation, when the linked clone is reverted to the snapshot taken after customization, the agent can reset the machine account password to the latest one.

Refresh

In View 4.5, a refresh triggers a revert operation to the snapshot that was taken after customization was completed. This approach allows View to preserve the customization performed by Sysprep.

jgb: A Refresh should be run on a regular basis to reclaim valuable shared storage space.  As linked clone guests in the pool continue to run on an ongoing basis, storage consumption grows for each VM, much like a snapshot of a VM which is left open for a long period of time.  However, in this case, much of the data is transient and disposable which is what a Refresh will purge.  This data is stored on what’s called the Disposable Disk. The Disposable Disk contains data such as the Windows pagefile, Windows temporary files, Temporary Internet Files, and VMware log files.  It is not uncommon to run this Refresh on a nightly basis.  This is of particular importance on arrays which support auto tiering and especially sub LUN tiering at the block or page level because this meta data will most likely be consuming Tier 1 storage.

Recompose

A recompose operation lets the administrator preserve the View Composer persistent disk and all user data inside this disk while changing the OS disk to a new base image and snapshot. With recompose, an administrator can easily distribute OS patches and new software to users.

jgb: Net result is the deployed VMs in the pool are deleted and redeployed to the pool for the assigned users.

Rebalance

The rebalance operation redistributes linked clones among available datastores to take advantage of free storage space. In View 4.5, there is no other supported way to move linked clones from one datastore to another.

Unable to Remove Stubborn Hosts from Unisphere (and the solution)

November 14th, 2011

Last weekend I was working in the home lab and needed to remove a few fibre channel connected hosts from the EMC Celerra NS-120.  This is the procedure I followed:

  1. Open Unisphere
  2. Drill down to the CLARiiON side of the Celerra (APM000…)
  3. From the menu on the left, choose Storage System Connectivity Status
  4. Drill down on the host to remove, highlight each HBA one by one and click the Deregister button
  5. Click OK

Snagit Capture

Unfortunately, I ran into an issue.  The problem which occurred was that the host I was attempting to remove remained in the host list instead of being deleted once the final HBA was deregistered.  This was a problem because I needed to add a new host with the same name.  At this point, there was no clear way to remove the host:

Snagit Capture

Logging in to Engineering mode (I found this on the public facing/Google cached EMC Community Network forums searching for help… CTRL + SHIFT + F12 password messner) did not provide me with additional options to remove the host.

Thanks to the help from Jase McCarty who had a watchful eye on Twitter, I was able to follow a procedure to resolve the situation:

  1. Access each of the Storage Processor Management Servers (http://w.x.y.z/setup)
  2. Scroll down and click the Restart Management Server button (each can be performed in parallel; doesn’t impact storage connectivity)
  3. Wait 5 minutes for the reboot of the Management Servers
  4. Close and Re-open Unisphere
  5. The host is now gone from all host lists.  Problem solved.

This was an isolated incident.  I wasn’t able to repeat this problem but if it happens in the future, I’m ready.  All I have to do is search Google and end up at my own blog.

Thanks Jase!

vSphere 5 Configuration Maximums Updated For The Cloud

November 11th, 2011

A few nights ago, Chris Colotti and Dave Hill presented a vCloud Architecture Deep Dive brown bag session.  Among the tips I picked up in that session was a comment from Chris that my most favorite VMware document of all time had been updated within the last 6 weeks – vSphere 5 Configuration Maximums.  Basically what was added was the inclusion of vCloud Director configuration maximums:

Item Maximum
Virtual machine count 20,000
Powered‐On virtual machine count 10,000
Organizations 10,000
Virtual machines per vApp 64
vApps per organization 500
Number of networks 7,500
Hosts 2,000
vCenter Servers 25
Virtual Data Centers 10,000
Datastores 1,024
Catalogs 1,000
Media 1,000
Users 10,000

If you’ve been following the progression of this document, you will have noticed that VMware has been adding more application layer components to it.  That is because VMware has broadened its cloud platform portfolio which is fundamentally dependent on vSphere.  Chris mentioned this in his lecture and I began noticing it a few years ago, vCenter now extends beyond just a tier 2 management application.  It has become a tier 1 cornerstone for other VMware and partner ecosystem cloud applications and infrastructure tools.  Be mindful of this during the design phase and do not neglect its resource and redundancy requirements as your scale your vCloud environment.

Enjoy.  And by the way, Chris has a Dell T310 Server with 20GB RAM for sale.  Check it out.