vArchitect Newsletter 017

vSphere Beta

VMware recently announced the new vSphere Beta program, which will not be tied to a specific release but will continue across multiple releases.  The program leverages a private community and provides discussion forums, webinars, and service requests as well as the ability to download the beta software. Hosted and downloadable betas will be the two options made available to interact with the new features.

Sign up here.

vSphere 6.5 Host Resources Deep Dive E-Book FREE

Frank Denneman and Niels Hagoort's book is very popular, as seen at VMworld where Rubrik quickly ran out of the 2,000 hard copies they gave away to the community.  With that, Rubrik and VMUG recently announced that they are providing the book for FREE in e-book format, which you can download here after a quick registration.  Enjoy the read.

New Releases

As with any new version released by VMware, we highly recommend you read through the release notes.  They provide valuable information on the upgrade process and list known issues in the product that could potentially impact your environment.

  • NSX-v 6.3.5 Build 7119875
    • This new release mostly contains bug fixes from the previous release and a couple of new features. Some of the important fixes:
      • Translated IPs are not getting added to vNIC filters which is causing Distributed Firewall to drop traffic: When new VMs are deployed, the vNIC filters do not get updated with the right set of IPs causing Distributed Firewall to block the traffic.
      • VMs migrated from 6.0.x can cause host PSOD: When upgrading a cluster from 6.0.x to 6.2.3-6.2.8 or 6.3.x, the VM state exported can be corrupted and cause the receiving host to PSOD.
      • NSX Manager crashes with high NSX Manager CPU: NSX Manager has an OOM (out of memory) error and continuously restarts.
      • NSX Controller memory increases with hardware VTEP configuration causing high CPU usage: A controller process memory increase is seen with hardware VTEP configurations running for few days. The memory increase causes high CPU usage that lasts for some time (minutes) while the controller recovers the memory. During this time the data path is affected.
    • Release notes are available here
  • vCenter Server 6.5 U1c
    • This new release only contains a single bug fix, but that bug is an expiring root password. Updating to U1c is strongly recommended to avoid having your root account locked out later.
      • An expired root password might fail some upgrade, install and migrate operations for VMware vCenter Server Appliance: You might fail to deploy vCenter Server Appliance (VCSA) because VMware Photon OS does not allow you to replace an expired root password. This issue might affect installation of vCenter Server Appliance with vCenter Server Appliance 6.5 and vCenter Server Appliance 6.5.0a builds, as well as file-based restore from backups, migration from vCenter Server for Windows to VCSA, and upgrade from older version to vCenter Server Appliance 6.5, if you use these builds.
    • The root password issue is also mentioned in this KB.
  • Photon OS 2.0
  • PowerCLI 6.5.4
  • VMware Remote Console (VMRC) v10.0.2
    • Support for Mac High Sierra and Ubuntu 17.

VMware Cloud on AWS

Just like last year, be on the lookout for some new announcements at this year’s AWS re:Invent conference.  We will provide some detailed information in the next newsletter release.

Session can be found here

Certificate Generation Utility for VVD

A cool utility flew very much under the radar that allows you to generate certificates for all the components referenced in a VVD. It’s a utility that uses PowerShell but is really nice for generating a list of certs for different products all in one go as it handles the formatting and outputs required. Get it in the KB here.

vCenter LDAP security issues and patch

Another day, another VMSA. This one is for some LDAP issues and is patched in 6.5 U1 and 6.0 U3c, but best check it out in the link here.

vSphere 6.5 Core Storage paper updates

The fleet of core storage papers has been updated to reflect vSphere 6.5, and these are great things to have in your library or when you need to implement a new technology. They’re linked from the blog article posted here.

CPU Resources Shares bug

Although you may not be using Resource Pools (and if you are using them as folders, STOP IT NOW), a bug that has apparently been around for some time just came to our attention on the VMTN Communities. The gist of it is that moving VMs between resource pools that don’t have CPU limits raises a warning that is incorrect and can be ignored.

Create custom properties for any object in vROps

An extremely interesting blog was published not too long ago that shows how you can inject custom properties into an object in vROps’ inventory. This is super useful for properties that vROps either doesn’t collect or that are highly customized to what you want, like for reporting purposes, for example. The caveat here is that although you can add, you cannot change or remove, so this is obviously a very limiting factor.

Using an Ephemeral Port Group to protect vCenter from outages

This is an issue that comes up fairly regularly on the VMTN Communities and which we see in the wild fairly often. It has to do with using a vDS and joining the vCenter that manages it to the same vDS. Since a distributed switch is a vCenter-only construct, it requires that vCenter be available to make updates to it, and this includes joining virtual machines to a port group. So you can obviously enter a chicken-and-egg scenario if, for example, you find yourself needing to restore vCenter to a host which has distributed port groups only. Fortunately, there’s a pretty easy fix to this problem which doesn’t involve keeping standard switches on every host, and that is the ephemeral port group type.

There are three types of port bindings possible with a distributed switch port group. The first, static binding, which is the default, immediately binds the vNIC to a port on the selected port group and doesn’t release it until you disjoin it. The second, dynamic binding, allocates and uses a port when the vNIC is connected and the VM powered on. Dynamic binding should only be used where the VMs to be joined are temporary and their number is larger than the port group can accommodate. And the final type, ephemeral binding, is similar to dynamic in that the port relationship is gone if the VM is powered off, but the important distinction is that power operations can be performed on ESXi directly, effectively bypassing vCenter. You can see this list if you edit settings on a distributed port group.

So best practice when using a vDS is to create a “rescue” distributed port group which has the same VLAN ID as that which vCenter itself uses, but is only used in cases where vCenter might be down and for vCenter itself. This way, you continue to use distributed port groups for your management workloads, but you have an identical one standing by if you need to join vCenter in the case where it’s down. For this and more information, check out KB 1022312 and also Chris Wahl’s older article here.
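One way to check for and create such a rescue port group with PowerCLI, as an added example that is not from the newsletter or the referenced KB. The server name, VM name and port group name prefix are hypothetical placeholders; the script assumes the VMware PowerCLI modules are installed and that vCenter's vNIC is tagged with a plain VLAN ID (or none).

```powershell
# Added example: all names below are placeholders, not values from the newsletter.
$vCenterServer = 'vcenter.example.local'    # hypothetical vCenter FQDN
$vCenterVmName = 'vcsa01'                   # hypothetical name of the vCenter VM
$rescuePrefix  = 'vCenter-Rescue-Ephemeral' # hypothetical port group name prefix

Connect-VIServer -Server $vCenterServer | Out-Null

# Port groups the vCenter VM's vNICs are currently attached to.
$pgNames = Get-VM -Name $vCenterVmName | Get-NetworkAdapter |
    Select-Object -ExpandProperty NetworkName -Unique

foreach ($pgName in $pgNames) {
    $pg = Get-VDPortgroup -Name $pgName -ErrorAction SilentlyContinue
    if (-not $pg) {
        Write-Warning "'$pgName' is not a distributed port group; skipping."
        continue
    }

    # Only plain VLAN tagging (or untagged) is handled; trunk/PVLAN needs manual review.
    $vlanCfg = $pg.VlanConfiguration
    if ($vlanCfg -and $vlanCfg.VlanType -ne 'Vlan') {
        Write-Warning "'$pgName' uses VLAN type $($vlanCfg.VlanType); create the rescue port group by hand."
        continue
    }
    $vlanId = if ($vlanCfg) { $vlanCfg.VlanId } else { $null }

    # Is there already an ephemeral port group on this vDS with the same VLAN?
    $existing = Get-VDPortgroup -VDSwitch $pg.VDSwitch | Where-Object {
        -not $_.IsUplink -and
        $_.PortBinding -eq 'Ephemeral' -and
        $_.VlanConfiguration.VlanId -eq $vlanId
    }
    if ($existing) {
        Write-Host "Rescue port group already present on $($pg.VDSwitch.Name): $($existing.Name -join ', ')"
        continue
    }

    # Create the ephemeral twin with the same VLAN as vCenter's own port group.
    $params = @{
        VDSwitch    = $pg.VDSwitch
        Name        = "$rescuePrefix-$($pg.Name)"
        PortBinding = 'Ephemeral'
    }
    if ($vlanId) { $params.VlanId = $vlanId }
    New-VDPortgroup @params
}
```

Run it while vCenter is healthy; the port group has to exist before an outage, since it cannot be created once vCenter is down.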

Latest HTML5 Client updates

Work continues on adding more and more features to the beloved HTML5 vSphere client. The latest release as of this writing is fling version v3.29 and it has undergone three or four updates since last writing. As always, updating is a breeze by accessing the FAMI on port 5490 and clicking the Update button. Update yours, or get a copy of the appliance, which is totally non-invasive on your existing vCenter, and try it out today. Performance is vastly superior to the Flex client, and although it isn’t at 100% feature parity yet, most of the tasks upon which you depend daily are present.

Replicating vRA Templates Easily with Veeam

A blog post from Chip this month shows how, with Veeam Backup & Replication, you can easily replicate your vSphere templates for use with vRealize Automation to any datacenter you have and be able to deploy from them all your blueprints. Be sure to grab the two PowerShell scripts at the bottom of the article for use if you set this up in your own environment.

New Orchestrated Restarts in vSphere 6.5

Another blog from Chip talks about the Orchestrated Restarts functionality in HA as part of vSphere 6.5 and how you can leverage it to better protect and make available multi-tiered applications. This is a really great feature which is still somewhat unknown, so if you’re on vSphere 6.5 already, think about implementing this so HA has better knowledge of applications and dependency orde