vArchitect Newsletter 011

NSX training and certification package through VMUG Advantage

VMUG is currently running a promotion that provides a great deal on NSX training and certification package. The offer costs $1995 (regularly costs over $4000) and includes the following:

  • VMware NSX: Install, Configure, Manage [V6.2] - On Demand Content
  • VMware NSX: Install, Configure, Manage [V6.2] - On Demand Lab
  • VMware vSphere 6 Foundations Exam Voucher
  • VMware Certification Exam Prep: VCP6 - Network Virtualization Exam v6.2
  • VMware Certification Exam Prep: vSphere 6 Foundations Exam

This offer expires June 30th, 2017 and requires you to purchase VMUG Advantage which includes the following additional benefits:

  • EVALExperience (365-day evaluation license for personal use in a non-production environment)
  • 20% Discount on VMware Training Classes
  • 20% Discount on VMware Certification Exams
  • $500 IBM SoftLayer Cloud Credit
  • 35% Discount on VMware Lab Connect
  • $100 Discount on VMworld Attendance
  • Exclusive NSX Training & Certification Package
Beta launch of docs.vmware.com

This week VMware did a beta launch of its new documentation portal that unifies the product documentation for all products, versions, and languages into a single site so you can find the information that you are looking for more quickly.

“Find” is the key word here and the search functionality has been greatly improved to help you more easily locate relevant content:

  • New Elastic Search engine
  • Search the entire site or a specific book
  • Features search on every page

Going forward view all your VMware documentations here.

VeeamON 2017

The week of May 15th saw VeeamON 2017 happening down in New Orleans, and Chip was in attendance gathering intel. and the latest word on releases. In a nutshell, here’s what’s coming that has been announced:

  • VBR v10: Native Agent support, NAS backup, archiving to cloud, continuous replication, and universal storage API.
  • Veeam Availability Orchestrator: Layer on top of VBR for additional failover plan orchestration. Automatic documentation of DR plans.
  • Veeam Availability for AWS: First native backup for AWS. Protects EC2 instances by partnering with N2W Software using Cloud Protection Manager.
  • Azure Private Network: Creates VPN tunnel between Azure and on-prem using an appliance in both locations. Allows restoring workloads to Azure and bringing up on same IP. DR to Azure, basically.
  • Office 365 v1.5: Multi-tenant support, multi-repository, REST API, Powershell SDK, and version 2 will support OneDrive for Business and Sharepoint.

All in all, it was a good conference with lots of new things coming. With VBR v10, Veeam is finally closing the gap on the major requests customers have had with the product. And just FYI, the Veeam Windows Agent 2.0 was released along with the Veeam Linux Agent 1.0 Update 1, and both of these can back up to a 9.5 U2 repository and, with a paid license, you get full support. So Veeam can already do physical right now. Version 10 will see those agents come into the backup console so you can manage them like any other job.

Does ransomware make you WannaCry?

Unless you were living under a rock, you heard about the massive ransomware attack called “WannaCry.” This was undoubtedly the largest and most serious orchestrated attack in history that wreaked massive havoc across especially Europe. And, as to be expected, any vendor who is remotely technology oriented and has a widget to sell is proclaiming how, “if only you had bought our product you could have avoided this attack. But wait! There’s still time to buy!” While there are certainly products that can help, the single biggest source of help isn’t a product but rather a process or methodology when it comes to how you protect data. While these tips are vendor agnostic, we’ll frame them in the context of Veeam since that’s what we see most often and what we use internally:

  1. The 3-2-1 rule is real, people. 3 copies of your data; 2 different media; 1 being offsite. If you aren’t using backup copy jobs to some other device and another location, you aren’t protected enough.
  2. Get your data OUT OF THE STORAGE VENDOR’S HANDS. Your $2M all-flash array is awesome and all, but replication of storage snapshots is not backup—it’s insurance. And insurance is only as good as the company issuing the policy. Logical corruption replicates, and so do files that are encrypted. Take the data into your hands and move it elsewhere out of your vendor’s grasp.
  3. Use CloudConnect. WannaCry and similar ransomware cannot follow backup copy data through a CloudConnect portal (they don’t carry Veeam libraries). If you don’t have that DR site or additional storage device, partner up with a CloudConnect provider and get that data off-premises and into another location. This helps meet the 3-2-1 rule. Backups need to be air gapped to be truly safe, and CloudConnect is a way to essentially do that.
  4. Linux is now fair game. Yep, that’s right, WannaCry has now come to Linux. The EternalBlue exploit for Linux, aka SambaCry (CVE-2017-7494), has been published last week, so it’s only a matter of time now. This one could be bad because it exploits vulnerabilities in Samba from about 2010 to present and is very easy to trigger. Use the Veeam Linux Agent and get that data pushed to a Veeam repository, then copy that data elsewhere.
PowerCLI 6.5.1 released

PowerCLI 6.5.1 was released not too long ago, and the biggest change here is it has moved to the Windows PowerShell gallery! That means installation is super easy now with a simple “Install-Module VMware.PowerCLI” command. Do make sure you remove any previous versions first, however. Chris has a good write-up on his blog here, and the official post can be found here. Also to note, in order to use the cmdlets that access the Gallery, you need to be on PowerShell v5 or above. For Windows 10/2016 users, this is built-in, and for everyone else you’ll need to update. Depending on your version, it’ll probably mean a reboot, but it’s well worth it.

VMware Tools updated to fix RSS issue on VMXNET 3 driver

This one didn’t see the press it deserved. We wrote last month about a big issue involving the VMXNET 3 NIC type and RSS. VMware released a fix for this in the latest VMware Tools package version 10.1.7. The release notes you can find here. And if you need to update to this, you can certainly do that out-of-band from ESXi releases, but you’ll need to put the new VMware Tools package in the product locker section of ESXi. An easier way to go about this is to configure a shared locker that points to a datastore to which all hosts have access. Brian has some good articles and methods to go about doing this here and here. Also worth pointing out is the bifurcation of the VMware Tools packages and maintaining a separate branch for legacy versus current operating systems.

vRealize Automation 7.3 released

vRA 7.3 was released on May 16, and even though it’s a point release it brings with it many great things. Check the release notes here. One of the (many) great things is that NSX is no longer tied to your vSphere endpoint, and it doesn’t live out of vRO—it’s a first-class endpoint citizen serviced directly from the vRA appliance. That and in addition the much-expanded support for NSX operations make this a must-have for any shops that use these two products. There are just lots and lots of great new things here and we can’t list them all, but we’re really excited about this one.

Veeam Agent for Microsoft Windows blueprint for vRealize Automation

If you’re using Veeam and vRA, you may find a new software blueprint by Chip useful that automates the installation and licensing setup of the Veeam Agent for Windows on a deployed VM. Download is free and can be found on VMware Code here. This would be ideal when deploying to AWS or Azure (which now supports software blueprints as of vRA 7.3) since you can back up those cloud workloads with the agents and it’s totally supported.

How to upgrade vROps

Many people are still very much unaware (and how easy it is) how to upgrade vRealize Operations Manager each release. For those folks, have a look at David’s blog here on the subject. You very much want to snapshot your appliance(s), however, but do NOT quiesce the disk. vROps has had a couple issues in the past where it will crash the application server if it sees a request for a quiesce. Also, in his step 6, we recommend checking the box to Reset Default Content. Very often, vROps includes updates to things like alarms, dashboards, and views (in addition to new ones), and without this box being checked, it won’t give you those updated items and you might see some errors or odd behavior as a result. Doing so also means any changes or customizations you have made to that default content will be overwritten. As a best practice, NEVER update default vROps content—always clone it to something new and make your edits there.

Updates to VMware Fusion and Workstation

Both Fusion and Workstation saw updates that bring Windows Creator support along with some minor fixes and improvements. You should get prompted when you open those apps to update, and it’s easy as always.