vArchitect Newsletter 005

Hands-On-Labs from VMworld 2016 Released

VMware has finally released all the HOLs from VMworld 2016, and part of that includes existing HOLs that received a facelift. All HOLs can be found on the homepage here. For a list of all new HOLs, see VMware’s blog coverage here, here, and here. And for those of you not familiar, HOLs are a totally free, totally awesome way to get familiar with VMware products without having to have a home lab or spend hours installing and configuring software. Each HOL is a real live environment—not a simulation—that contains running VMs already connected and configured for you with an accompanying lab manual to walk you through all the exercises. Highly recommended if you want to brush up on your skills for the latest product release, or to learn a new product altogether.

Run PowerCLI on Mac or Linux easily inside a Docker container

Chip wrote a blog post last month about how to get started with Docker and PowerCLI on your Mac or Linux, and also how to get cmdlet help inside that container. Worth a read if you’re interested in PowerCLI outside of Windows and want an easy way to do it.

How to build your own NetApp lab running ONTAP 9

Some of you are no doubt NetApp customers and might be interested in checking out the latest features in ONTAP 9. Neil Anderson recently published a free ebook on how to get started with a NetApp home lab using the ONTAP 9 simulator. The book has gotten a lot of blog coverage, so if this is something that interests you, register for and download the ebook.

NSX bug woes continue

Another bug was discovered in NSX 6.2.4 that impacts virtual machines after a vMotion operation.  If VMs are migrated between upgraded hosts, they will lose network connectivity and require a reboot to bring back connectivity.

This issue will only affect customers who have upgraded from 6.1.x to 6.2.4 and have the Distributed Firewall enabled. A greenfield deployment of NSX should not experience the same issue.

There is currently no solution available, but to work around this issue a script is available which modifies the virtual machine_export version. To acquire the script and procedure, file a support request with VMware support and note this KB Article 2146171 in the problem description.

https://kb.vmware.com/kb/2146171

VMware Security announcements

VMware has released quite a few product updates to address security issues. Please review the vulnerability list below carefully and address where necessary, or just read my summary:

  • Upgrade vRealize Operations to 6.4.0
  • Upgrade Workstation to 12.5.2
  • Upgrade Fusion to 8.5.2
  • Important patches for vRA and VIDM are not yet available; keep an eye on VMSA-2016-0019.

1. Critical: Out-of-bounds memory access vulnerability

http://www.vmware.com/security/advisories/VMSA-2016-0019.html

VMware Workstation Pro and Player

Upgrade to 12.5.2

VMware Fusion

Upgrade to 8.5.2

2. Critical: Privilege escalation vulnerability which allows a low-privileged role to gain full access over the application

http://www.vmware.com/security/advisories/VMSA-2016-0016.html

vRealize Operations

Upgrade to 6.4.0 or, depending on your version, apply the following patch:

https://kb.vmware.com/kb/2147215

https://kb.vmware.com/kb/2147247

https://kb.vmware.com/kb/2147246

https://kb.vmware.com/kb/2147248

3. Important: Local privilege escalation vulnerability through race condition in the way appliance’s memory subsystem handles copy-on-write.

http://www.vmware.com/security/advisories/VMSA-2016-0018.html

VMware Identity Manager

Patch Pending

vRealize Automation

Patch Pending

vRealize Operations

Upgrade to 6.4.0 or, depending on your version, apply the following patch:

https://kb.vmware.com/kb/2147630

https://kb.vmware.com/kb/2147668

https://kb.vmware.com/kb/2147667

https://kb.vmware.com/kb/2147666

https://kb.vmware.com/kb/2147664

4. Important: REST API deserialization vulnerability which may result in a Denial of Service

vRealize Operations

Upgrade your 6.x version to 6.4.0

Version 5.x not affected

vCenter Managed Address and why you should set it

We do a lot of health checks for customers’ VMware environments. This usually entails crawling through their extensive vSphere and related product landscape; conducting interviews with engineers and managers on current pain points and new initiatives; and running a variety of standard and home-grown scripts and tools to gather information. Something these health checks almost always reveal is how little configuration has been done to vCenter Server itself. There isn’t a whole lot that needs to be done to vCenter so it just “works,” but there are some things you should do to ensure it works properly. One step we almost always see neglected is setting the vCenter managed address. You can find this in the web client by selecting your vCenter object, Manage, Settings, General, and Runtime settings.

Setting the vCenter Server managed address is a manual process, and it’s used to communicate to the ESXi hosts where vCenter can be reached in addition to its FQDN. It’s always a good practice to set this. Are you seeing hosts frequently disconnect from inventory and you don’t know why? This could be a reason. But it’s especially important to set this if you have configured your vCenter (vCSA or Windows) to be multi-homed. In a multi-homed configuration, you will have added a second (or more) vNICs to your vCenter. This could be due to the desire to have a dedicated Auto Deploy segment, backup network, monitoring and management pathway, etc. Although this is possible, it is neither recommended nor supported by VMware. If, however, you must have this or have done so already, ensure you set the managed address to the interface over which your ESXi hosts can access vCenter. Having this correct will keep a recommendation from showing up on your health check scorecard.
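
One way to check this from PowerCLI, as an added example that is not part of the original newsletter or a VMware-supplied script. It assumes PowerCLI is already loaded, that the runtime setting is exposed as the vCenter advanced setting `VirtualCenter.ManagedIP`, and that `vcenter.example.local` is a placeholder for your own vCenter name.

```powershell
# Added example: audit the vCenter managed address and what each host believes.
# Assumption: 'vcenter.example.local' is a placeholder FQDN, not a real system.
param(
    [string]$Server = 'vcenter.example.local'
)

$vc = Connect-VIServer -Server $Server

# Assumption: the "vCenter Server managed address" runtime setting is stored
# under the advanced setting key VirtualCenter.ManagedIP.
$setting   = Get-AdvancedSetting -Entity $vc -Name 'VirtualCenter.ManagedIP'
$managedIp = "$($setting.Value)".Trim()

if (-not $managedIp) {
    Write-Warning "Managed address is not set on $Server"
}
else {
    # On a multi-homed vCenter the FQDN may resolve to a different interface
    # than the one the hosts use, so report a mismatch for manual review.
    $resolved = [System.Net.Dns]::GetHostAddresses($Server) |
        ForEach-Object { $_.IPAddressToString }
    if ($resolved -notcontains $managedIp) {
        Write-Warning ("Managed address $managedIp is not among the addresses " +
            "$Server resolves to ($($resolved -join ', ')). Confirm it is the " +
            "interface your ESXi hosts can reach.")
    }
}

# Summary.ManagementServerIp is the address each host has recorded for the
# vCenter that manages it; compare it with the configured managed address.
$report = Get-VMHost -Server $vc | ForEach-Object {
    $seen = $_.ExtensionData.Summary.ManagementServerIp
    [pscustomobject]@{
        Host              = $_.Name
        ConnectionState   = $_.ConnectionState
        HostSeesVCenterAt = $seen
        ManagedAddress    = $managedIp
        Match             = [bool]($managedIp -and ($seen -eq $managedIp))
    }
}

# Mismatches sort first so they are the first rows in the table.
$report | Sort-Object Match, Host | Format-Table -AutoSize

Disconnect-VIServer -Server $vc -Confirm:$false
```

Hosts listed with `Match` set to `False` are the ones to look at first when chasing unexplained disconnects.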

VMware announces general availability for vSphere 6.5

The most anticipated release for 2016 is here with vSphere 6.5! VMware made the bits available for download on Tuesday 11.15.2016. Some of the highlighted products are:

  • vCenter Server 6.5
  • vSphere Client (HTML5)
  • ESXi 6.5
  • PowerCLI 6.5
  • vSAN 6.5
  • vRealize Log Insight 4.0.0
  • vRealize Operations Manager 6.4
  • vRealize Business 7.2.0
  • SRM 6.5
  • vRealize Replication 6.5

There is no vSphere 6.5-supported version of NSX yet, so if you have NSX implemented in your environment, you should not upgrade.

Some important information before upgrading to vSphere 6.5:

https://kb.vmware.com/kb/2147548

VMware blog on announcement:

http://blogs.vmware.com/vsphere/2016/11/vmware-announces-general-availability-vsphere-6-5.html

Detailed list of product releases from William Lam:

http://www.virtuallyghetto.com/2016/11/vsphere65.html

Also from William comes a cool automation script that allows you to stand up a whole vSphere 6.5 (or 6.0) environment including ESXi hosts and the vCSA. Really great if you want a quick way to test drive the new vSphere 6.5 features in your home lab.

vRealize Automation 7.2 Released

Next on the release train for November was vRA 7.2, which brings a bunch of new features including support for Microsoft Azure, built-in container support, ServiceNow support, and scaling XaaS services. There are two good articles which cover those features more in-depth with some screenshots here and here.

Veeam 9.5 Released

Last on the release train is Veeam 9.5, which includes support for Nimble integrations and more. Anthony has a good run-down of all the features here, and the official “What’s New” flyer from Veeam is available here. Some of the new features in this release are:

  • Scalability enhancements
  • ReFS support in Windows 2016 (this is big and will make a huge difference)
  • Support for Microsoft 2016 applications, including Hyper-V
  • Direct restore to Azure
  • Instant restore of physical endpoints (to Hyper-V VMs only)
  • Enhanced vCloud Director support

Also from Veeam is the Backup for Office 365. For you guys using O365 who are existing Veeam customers, you get this free, and that’s a big deal. Check it out here.

One important thing to note, however, is that right now Veeam 9.5 does not support vSphere 6.5 even though they were released on the same day. Support should be added in the first major update which is expected in Q1 of ’17, so stay tuned for that. But even if you’re not going to take advantage of any of the major new supported platform features in 9.5, you should still upgrade because of the better handling of I/O and the internal logic enhancements. It should greatly improve your backup performance and further shorten those backup windows.