vArchitect Newsletter 007

Veeam 9.5 Update 1 released

Big news this month for those waiting to upgrade to vSphere 6.5. Veeam 9.5 Update 1, bringing support for vSphere 6.5, has been released along with major updates to ONE, Office 365, and the 2.0 public beta for the Windows Agent. Release notes for B&R and ONE are here and here. Some other nice things Update 1 brings to B&R is support for Data Domain OS 6.0, so if you’re using DD exclusively as a Veeam repo, you should definitely consider updating to 6.0 because of the synthetic transformation benefits you’ll see (read: quicker transform times). This update also allows for the first time the new Veeam Agent for Linux to back up to Veeam repos. Something else noteworthy is support for NBD compression, although that should be carefully tested. If you don’t have physical proxies in direct SAN mode (first recommendation) and are forced to use NBD on already-saturated 1 GbE management uplinks, this could be nice for you.

Understanding Storage Policy-Based Management (SPBM)

Something we don’t see enough people using and they really should be, especially if they’re licensed for it, is SPBM. Even if you don’t have vSAN (which mandates use of SPBM) or vVols, you can still use it. There is a good blog article here which helps you understand what this is and why it’s so valuable, so recommend you take a read if it interests you.

New flings for vROps

A couple new flings were released for vROps-related tasks. First is an upgrade kit for Endpoint Operations agents. This fling will discover outdated EpOps agents and update them from the appliance. No need to go to every one and do it manually. I ran into some problems with the first release and am waiting for the second one to be made available. Second is the email template manager. This one manages the email templates vROps uses to send outbound notifications. It’s pretty basic right now in that you can only change fields in the template, but hopefully they improve it where you can customize the entire email. Still, though, it beats the heck out of configuring those templates by hand on the appliance.

KB Digest link

Most of us don’t really browse KB articles or casually read the dictionary (or any other reference material, for that matter), but being aware of new issues that effect you can be extremely helpful. Every week, VMware publishes a list of new KB articles published and groups them by product. You can get those KBs here and you’d be wise to put it into your RSS feed aggregator and check them out.

Transfer server storage in vCloud Director servers group

While at customer sites performing our vCD Health Check services, we often find that the shared storage volume, referred to as transfer server storage, is not configured appropriately when using NFS for a vCloud Director server group. Problems range from sizing to ownership and permission access. This directory plays an important role within vCD and provides temporary storage for upload and download of ISO and OVF, catalog items that are subscribed externally as well as files created by the vCloud Director log data collector script with the multi-cell option.

For the requirements, there are basically two questions you need to ask:

  1. Do you want to upload/download ISOs and OVFs and have catalogs that are subscribed externally, and only run the vCD log data collector script locally to each vCD cell?
  2. Do you want to upload/download ISOs and OVFs and have catalogs that are subscribed externally, as well as run the vCD log data collector script with multi-cell options?

If your answer is 1:

  • Change ownership of the vcloud user
    • # chown –R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer/*
  • Change permission
    • # chown 750 /opt/vmware/vcloud-director/data/transfer/*
  • Set /etc/fstab to auto mount the NFS share on start up.

If your answer is 2:

  • This requires some additional configuration on your NFS server to make sure that both vCD cells can read/write to the shared location.
  • Setting chmod 1777 permissions on the volume on the NFS server that is the shared location that is exported in the export list, OR
  • Using no_root_squash in the NFS export configuration for this shared location
  • Additional information provided in the KB 2086127 article:

Best practices for the shared storage volume:

  • Each vCD cell server must mount the NFS shared volume at the same mount point.
  • Size the shared storage volume size appropriately. This is especially important if using catalogs that are published externally since your size can grow exponentially. A good starting size is around 500 GB.
  • The shared storage volume should be easily expandable.
  • VMware has a best practices KB for general vCD 5.5 installation.
VMware vRealize Network Insight 3.2.0

VMware recently released a new version of vRNI which provides some great new additional features to an already awesome product.  Here is a brief highlight of these features with detailed information available from the release notes:

  • Application Centric Micro-segmentation
  • XML Export of Firewall Rules
  • Visualization of NSX Edge NAT North/South Gateways
  • SNMP Traps for outbound alerting to 3rd party SNMP platforms
  • NSX Distributed Firewall Rules Analytics and Visualization Enhancements
  • NSX configuration assurance, health, and capacity checks
  • Platform security enhancements
  • On-Line Upgrading

For those of you who are unfamiliar with vRNI (previously called Arkin) it is VMware’s management and monitoring tool for software-defined networks (SDN), which delivers intelligent operations for software-defined networking and security, with converged visibility across virtual and physical networks as well as planning and recommendations for micro-segmentation and operations management for NSX.

Veeam Agent for Windows 2.0

Back in the day, there was the Veeam Endpoint Free product (well, it’s still available, actually) which was/is designed for laptops and desktops running Windows. Today, Veeam is opening up the beta program for the renamed product called “Veeam Agent”, except this time it officially supports Windows Server OSs and, at great request, has production-grade support for it. Hit the link to sign up, and of course we’ll have more on that as time goes on. Alan has a pretty good article on its features compared to the free version.

Rubrik SQL Agent for vRealize Automation blueprint

We’ve been testing the Rubrik backup appliance in the lab lately putting it through its paces, checking out its features, seeing where it needs improvement, etc. One of the features the Rubrik system offers is backing up SQL databases on Windows via a persistent SQL agent. So with the extended hands-on time in the lab, Chip took it upon himself to try and automate the installation and configuration of that through vRA. The results are two software component blueprints for vRA, both of which are freely available on the Samples Exchange (now VMware {Code}):  the Rubrik SQL backup agent, and a SQL Server 2014 blueprint. A pretty good description with screenshots on how to use them can be found on the Rubrik blueprint page, but do remember that with any software components you need a vRA Enterprise license.

Host Profiles improvements in vSphere 6.5

One of the nicest improvements in vSphere 6.5 is in host profiles. While there are several enhancements to discuss there, the most welcome feature is the ability to see what specifically is causing a host to be non-compliant. This new video from VMware talks about those improvements and lays them out nicely.

Joining the vCSA to Active Directory

Are you using the vCenter Server Appliance? If not, you need to be. But if you are, you may not be aware you can join it to AD to do things like integrated Windows authentication or simple SSO external identity source setup. If the appliance isn’t joined to AD, you can’t do these things, but fortunately it’s a simple process to join. Follow these steps below, recorded on a vCenter 6.5.

Login to the web client with a user who is a member of the SystemConfiguration.Administrators group.

From the Home menu, go to Administration -> System Configuration and click on the Nodes entry to see all your systems.

Once here, you’ll see all your vCenters and PSCs. If you’re using an external PSC, you’ll want to click on that, otherwise they’ll be one and the same like in this example.

Click on the Manage tab and then Active Directory under Advanced. Click the Join button and fill in the information pertinent to your domain, then reboot the appliance for it to take effect.

Your appliance is now joined to AD.

Data corruption alert on Windows Server 2016 with deduplication

Something fairly serious of which to be aware here if you’re using Veeam and a storage repository backed by a Windows Server 2016 volume with deduplication turned on. Data corruption has been observed on this configuration for some users on the Veeam forums with a Microsoft patch in preview now. Until this is released and the issue resolved, it’s advised you perform an active full backup on any backup jobs to a repository other than a deduplicating volume on 2016. And just a reminder, this is why it’s important to have storage-level corruption guard enabled in your backup jobs. You can find this in the Maintenance tab, so do enable and use that very valuable feature.