vArchitect Newsletter 006

ESXTop Visualization Tool

This is a pretty neat tool we just learned about. It’s a free, Java-based utility that accepts all sorts of performance monitoring files and outputs them in visual graphs. Very handy for recording ESXTop feeds and generating graphs and reports. Get NMONVisualizer here.

Alert management changes in vROps 6.4

vROps 6.4 was released around the same time vSphere 6.5 was, and some really cool features it brings surround alert management. First, alerts can be grouped using a new grouping button. This will allow you to collapse all alerts of the same type into one line. Second, is the ability to disable a given alert type right from the alerts pane. This is seriously useful if you’re just getting started with vROps and want a quick way to customize your policy to filter out alerts you don’t care about, but without having to and dig into policy alert settings. John has a good blog article on the scoop here. Also, there’s a great article from Iwan that covers all the new features in 6.4 with emphasis on the dashboards here.

New Image Builder GUI in vSphere 6.5

Something vSphere 6.5 brings which is very useful is FINALLY a GUI for Autodeploy. Many of you may not have used or played with Autodeploy before, but in the past you had to manage all the rules and images manually using PowerCLI. Now, it can all be done through the web client in vCenter 6.5. Something else you could do with this new GUI is to use the image builder functionality to build your custom ESXi ISO. So, for example, for those using Dell hardware, you could upload the OpenManage VIB (which you should be using), upload the Dell custom ISO for ESXi 6.5, combine the two (plus others) and download a new, custom ISO which could then get installed across your datacenter. Vladan has the low-down in this article.

Changes to XtremIO SATP

We know many of you out there have XtremIO arrays. Something you may want to be aware of is how the default claim rule is changing for the better to accommodate you. In recent patches of ESXi 5.5 and 6.0 (6.5 has the change OOB), XtremIO devices will automatically be claimed with Round Robin set and path-switching frequency IOPS set to 1. Itzik has the story here. Also, as he points out, this doesn’t mean you can ignore other important ESXi settings. If you’re not using VSI for vCenter in your environment, you really should consider it. It’s free and can automate those changes for you, among many other things.

PowerCLI for VM Encryption

Mike has a good blog article on the new PowerCLI module for VM encryption that is available in vSphere 6.5. If you’re a big PowerCLI user and also want to make use of VM encryption, then see his article here on how you can get started. Do note that VM encryption in vSphere 6.5 isn’t just a simple button-click experience—it requires additional infrastructure (key management server) and some planning. We’ll probably put out some more content on that as time goes on, so be on the lookout.

vRealize Automation Guest Agent blog series

Chip did quite a bit of work examining the vRA guest agent and how to use some of its most frequently requested abilities in a series of three blog articles. In those articles, he shows how you can do things like add the machine requestor to the local administrators group on Windows boxes, deploy software using scripts, and run shell commands on Linux VMs. Some of this content is never-before-seen stuff and may be of interest. Check them out at www.sovsystems.com/blog.

Veeam 9.5 upgrade experience and hidden features

Just a note to those users with Veeam who are contemplating upgrading to 9.5, you should go for it. We did the upgrade here in the lab and it went super smooth. No issues at all. If you’re using Enterprise Manager (BEM), then you’ll have to upgrade that first and it will require a reboot. Remember to also upgrade any systems that have the Console installed, and you’ll need the ISO for that or just extract the packages from disc. Something else we wanted to call out that didn’t get a whole lot of publicity is support for the EMC Unity array for storage integrations, and Data Domain OS 6.0 which has the Cloud Tier option.

vSphere 6.5 Update Manager is built-in to the vCSA

Wanted to quickly call this out for those that didn’t know, but starting in vSphere 6.5 and, specifically the vCenter Server Appliance 6.5, Update Manager is now BUILT-IN to the appliance. That’s a big deal for those that wanted to get away from Windows entirely because now you can do so and free up a Windows license. There’s nothing extra to install in the appliance and nothing to activate. It’s just there. If you aren’t using the vCSA, you really should be, especially that the 6.5 installer can migrate you from a 6.0 Windows vCenter at the same time.

Sovereign Health Check pointers:  SSO default domains, password policy

In the last article, we mentioned something we typically see when conducting Sovereign health checks of customer VMware environments. In this newsletter, we come at you with another one. This time it’s about SSO configuration and best practices.

The first thing is around the SSO password policy. By default, SSO user accounts in the default vsphere.local (or whatever you called your first site) domain expire after 90 days. This means, if you didn’t change the policy, your administrator@vsphere.local account will not permit logins after this. For some organizations, this is acceptable and may even be a requirement. For others, they can do with a longer term. Whatever the case is in your environment, be aware of this and go check to see what you have configured.

To make it unlimited, edit the policy and change the days to like “99999” as seen above.

The second thing is around the SSO default domain. SSO uses identity sources to determine where it will authenticate users. There are two sites configured out of the box:  vsphere.local, which is the internal SSO domain; and “localos” which is the operating system itself. Localos is always listed as the default domain, which means when you attempt to login to the web client, if there is no domain information specified, SSO will look to its default domain to try and match the user. In virtually all cases, users configure SSO to use Active Directory. What they don’t change, however, is the default domain to be that new AD identity source. This isn’t a requirement, but it does save some additional typing if all your logins are coming from AD. It’s a simple thing to switch.

Just select your AD authentication source so it is highlighted, and click the  button to assign it as the default domain. Once done, “(default)” will appear in the Domain column as it does above.

Docker vRA blueprints on the Sample Exchange

Docker and containers is exploding right now, especially since vRA 7.2 can now interact with containers out of the box. To enable users to get started easier and quicker, Chip created a number of vRA blueprints which install and configure Docker for you on Linux, Photon OS, and even newly-available Docker on Windows Server 2016. In addition, there’s also an epic blueprint for Docker Swarm out there which lets you deploy any type of Swarm configuration you want as a service, and it only uses a single software component. Go check out what’s available and see what you can do with them.

PowervRA Updated

For those not familiar, there is an awesome project out there called PowervRA which is a PowerShell module designed to interact with vRealize Automation. It is community driven, free, and has a ton of cmdlets which let you do tons with vRA. It was recently updated to add even more functionality, so highly recommended if automating vRA with PowerShell is something that interests you.

New vSAN Management Pack for vROps

There’s a new Management Pack for vSAN on the Solutions Exchange that was released on December 16. It isn’t said anywhere in the notes, but this appears to replace the previous Management Pack for Storage Devices or MPSD as it was known. Do pay attention to the prerequisites if this interests you, however, as only vROps 6.4 and vSAN 6.2 or 6.5 are supported. Make sure also that you use an account with more than just read-only permissions as it won’t be able to collect on your storage policies.

vSphere 6.5 Top 10 Things to Read

Eric has a terrific list of curated articles from various bloggers and authors over the ten biggest features/changes in vSphere 6.5. His list has articles on VM encryption, vVols 2.0, HA and DRS changes, UNMAP, vCSA, and others. If you want basically a one-stop-shop method of getting good info on vSphere 6.5, this is a good place to go.