vArchitect Newsletter 020

EVC and Spectre/Meltdown

VMware has advised on how to mitigate the Meltdown and Spectre chip design flaws in several of its products. They do, however, explain that the mitigation tactics will stop attacks but must be considered "a temporary solution only and permanent fixes will be released as soon as they are available." Details are available here.

Free NSX E-Books

To continue on our theme of free VMware-related E-Books, here are some free PDF format e-books available to download.

VMware NSX Micro-segmentation Day 1

Main topics:

NSX Micro-segmentation Components, Plan and Design for Micro-segmentation, Creating a Security Group Framework, Policy Creation Tools

VMware NSX Micro-segmentation Day 2

Main topics:

Methodology and Application Visibility, vRealize Log Insight, Application Rule Manager, vRealize Network Insight

Operationalizing VMware NSX

Main topics:

People, Process, Tools, Consuming NSX

Automating NSX for vSphere with PowerNSX

Main topics: Getting Started with PowerNSX, Logical Switching, Logical Routing, ESG, Load Balancing, DFW, Cross-vCenter NSX, Tools built with PowerNSX.

VSCSI resets in vSphere 6.5.x

We would like to advise customers on potential VSCSI resets that could impact your environment if you are running vSphere 6.5.x. The KBs mention symptoms associated with VMs having a disk larger than 256GB, but this does not seem to always be the case and happens in regular environments as well. The VMs and hosts can become unresponsive, with no ability to cleanly restart the VMs. See the following KBs.

KB 50435

KB 2152008

There is no workaround and VMware recommends upgrading to vSphere 6.5 U1 Patch 2, so if you are still running 6.5 or 6.5U1, we highly recommend that you upgrade to this latest patch.

vSphere 5.5 and vSAN 5.5 End of General Support

End of General Support for VMware vSphere 5.5 and vSAN 5.5 is September 19, 2018. Time flies and this deadline will be here sooner than you think. To retain your full level of support we recommend upgrading to vSphere 6.5. The vSphere Upgrade Center and Upgrade Planning Tool are a good place to start, and if you get stuck or have questions please feel free to reach out to us.

New RVTools 3.10 released

RVTools is definitely a great tool to use for sizing and designing and it received its first update in about 10 months. Download it here, but also do consider donating to Rob de Veij for all his efforts.

VMware PowerCLI 10.0 release

VMware released VMware PowerCLI v10 with multi-platform support for both Mac OS and Linux. Details are available here, and if you are wondering why the big jump in version, read here. This is a big deal because it’s the first release to officially support PowerShell Core since it went GA last month. Do note that not all modules have been ported over to support Core (only the basic ones at this time) but that will be changing over time.

vArchitects Blogs and Articles

Custom ESXi TCP/IP with iSCSI

Some of you may be familiar with custom TCP/IP stacks since they were released with vSphere 6.0; however, in our experience they still seem to be virtually unknown or barely utilized. There are several reasons to use them for things like vMotion, including a separate gateway, a separate routing table, and a dedicated buffer stream that can improve performance. And while you can create custom stacks (through CLI only) and attach other kernel services to them, one exception is iSCSI. As Duncan reminds us here, this is not supported with iSCSI, and, in fact, if you do so you will find it impossible to set port bindings in your iSCSI soft adapter. Hopefully this changes in the future because it would be useful not to share the default stack, but for now be aware of this and don’t count on it in any of your designs.

Create vROps Resource Object and Custom Metrics with PowerShell

A really cool article from fellow vExpert Vinith Menon was published in late January that details how you can create a custom resource object with a metric using PowerShell. In it, the author shares how to create a new resource object like a vRA Active Directory service account password and use vROps’ API to add a metric for that object. Definitely advanced stuff that you may not wish to try on your own production cluster, but it proves that you can add such custom objects to vROps with a little difficulty.

Monitor vROps Linux Processes via REST

For anyone using the EpOps agents, you know it can already monitor Linux (and Windows) processes and scripts. However, this article gives you the ability to automate adding those process monitors through the REST API. Very helpful if you have a large number of deployed EpOps endpoints and wish to add a monitor to a large number in one go programmatically.

Retrieving vRA Custom Properties on a Deployment through API

An interesting article here that shows you how to use the vRA API to get back the custom properties assigned to an existing deployment or machine. Because the API is fragmented between the front-end appliance (café) and the legacy Windows IaaS stack, you’ll need to use both, but the resting place for a deployment lies in the Manager service API. Good to know if you’d like to automate this process with an external system.

Bulk Change of vRA Reservations using Cloud Client

There was a post on the VMTN Communities a while back that showed a neat way to change en masse the reservation of a number of deployments using the Cloud Client tool. Good to know if you are in the same situation.

New Veeam Subscription License

For those asking about this (and there have been lots), Veeam has now listened and opened up their per-VM subscription-based licensing to the masses. It was previously only available to service providers, but by popular demand it’s now general. Get the deets here.

ReFS Fixes Here for Windows Server 2016

We wrote last time about several ReFS issues plaguing users of Windows Server 2016, especially manifest in those using it as a Veeam repository. It seems that at long last, Gostev has informed us that Microsoft, through much hard work, have finally squashed all of these in the latest roll-up you should begin seeing for Server 2016. From the internal responses Veeam have received in working with select customers, this final update seems to have eliminated all outstanding issues. This is great news if you either are using this combination today or have waited until it stabilized. After a little more time to settle in, we would feel comfortable recommending this as a solid Veeam repository.

Veeam Availability Orchestrator 1.0 Released

Veeam have just released a new product called Veeam Availability Orchestrator (VAO) and it’s something we’ve heard about in the past and have been anticipating. The idea behind this product is to automate lots of activities that go on with DR planning like testing failovers, creating documentation, readiness checks, and much more. Michael has a good introductory article here, and the release notes are published (PDF) here.

VMware Release/Updates: vCenter 6.5 U1f, PKS, vRNI 3.7

Some notable releases in this newsletter.

  • vCenter 6.5 U1f
    • Security patch over 6.5 U1e for Meltdown and Spectre-1.
    • Overview of this here.
  • Pivotal Container Service (PKS)
    • 0 release of the highly-anticipated container service on Kubernetes.
    • Supports vSphere and GCP
    • Networking with NSX-T
    • Enterprise grade
    • Blog post here.
  • vRealize Network Insight 3.7
    • New upgrade path in UI
    • New dashboards
    • Updated NSX support
    • Release notes here.

vSphere Hybrid Certificates Replacement

Although this is an older article, we include it as a reminder on a recommended certificate replacement path as there is still much confusion over certificates in vSphere. In short, if on vSphere 6.x, replace only the machine certificates on vCSA and the PSC while using VMCA to sign the ESXi host certificates. Doing so will make your life simpler and will ensure much higher rates of certificate management success.

vRA 7.2 error in request form “data specified within the request is invalid”

Something Chip recently saw in an engagement is a cryptic error warning that the “data specified within the request is invalid” after changing a custom property definition type. Turns out this is a known defect in 7.2 and was addressed in 7.3, but VMware offers a patch you can use to either resolve this issue or have a better error message returned which points you to the exact offending property.

The Importance of hostnames over IP addresses in vSphere

As the last article before we leave you this month, we wanted to take a minute to explain why you should always be using hostnames over IPs when it comes to vSphere. Using IPs is something we see far, far too commonly, and it can lead to a number of problems or headaches. When deploying ESXi hosts, it might seem easy to just assign a static IP and add them to vCenter, and while this may work it is not ideal. Always add your ESXi hosts by hostname and not IP address. Some things this may impact down the line are changes to the management vmkernel IP, certificates, and simple descriptive naming identifying the host’s location in a datacenter.

Secondly, with vCenter, it is extremely important you always use fully-qualified hostnames, yes, even in lab environments. As of vSphere 6.5, there are some stringent requirements when it comes to deployment. One of those is proper forward and reverse DNS records for the vCSA. In fact, the installer will attempt to look itself up by its system name and if it can’t find itself will complain. This is your warning that, “hey, stop what you’re doing and fix me.” Using the IP instead of the hostname can create service failures and prevent you from changing the name of vCenter if you ever want to. Yes, that’s right. If you used an IP address to deploy vCenter in place of a hostname you can never ever change the name of vCenter. Make sure to read that once again to fully understand the implications of it. Of the majority of vCSA deployment and operational failures we see, the most common are due to not having proper FQDNs assigned. Although it may be a little tiresome to request or create DNS records, understand that DNS is considered basic, core infrastructure and without it things will not work properly, if at all. Take thirty or sixty seconds to go and create proper DNS records. Your vSphere infrastructure will thank you for it down the line, as it is likely to save you a lot of time and grief.
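
A pre-deployment check for the forward and reverse DNS requirement described above, as an added example (not from this newsletter or from VMware). It assumes Python 3; the hostnames and 192.0.2.x addresses in the sample zone are constructed, and the resolver functions are injectable so the check runs against either the sample data or, by default, the system resolver.

```python
import ipaddress
import socket


def _forward(name):
    # System resolver: IPv4 addresses (A records) for name
    return socket.gethostbyname_ex(name)[2]


def _reverse(ip):
    # System resolver: primary name (PTR record) for ip
    return socket.gethostbyaddr(ip)[0]


def check_fqdn(name, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means forward and reverse DNS agree."""
    try:
        ipaddress.ip_address(name)
        return [f"{name}: is an IP address, use a fully-qualified hostname"]
    except ValueError:
        pass  # not an IP literal, carry on
    problems = []
    want = name.rstrip(".").lower()
    if "." not in want:
        problems.append(f"{name}: short name, not fully qualified")
    try:
        addrs = forward(name)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return problems + [f"{name}: no forward (A) record ({exc})"]
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{ip}: no reverse (PTR) record ({exc})")
            continue
        if ptr != want:  # PTR must point back at the name being deployed
            problems.append(f"{ip}: PTR points to {ptr}, expected {want}")
    return problems


# Constructed sample zone: hypothetical names, documentation address range
SAMPLE_A = {"vcsa01.lab.example": ["192.0.2.10"], "esx01.lab.example": ["192.0.2.21"]}
SAMPLE_PTR = {"192.0.2.10": "vcsa01.lab.example", "192.0.2.21": "esxi-old.lab.example"}


def sample_forward(name):
    key = name.rstrip(".").lower()
    if key not in SAMPLE_A:
        raise OSError("name not found")
    return SAMPLE_A[key]


def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("address not found")
    return SAMPLE_PTR[ip]
```

Calling `check_fqdn("your-vcsa-fqdn")` with no resolver arguments queries the DNS servers the local machine is configured to use, which should be the same ones the vCSA will use.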