Setup SSL Certificates For vSphere Lab-Part-2-Creating Certificate templates

In our last post, Setup SSL Certificate Authority For vSphere Lab, we saw how to add the CA server role to a Windows Server 2008 machine. In this post we will see how to generate certificates.

1: Launch Certificate Authority console from Administrative Tools.

2: Right-click on Certificate Template and click Manage.

3: Select the Windows Authentication Template, right-click it and select Duplicate Template.

4: Select Windows Server 2008 Enterprise and hit OK.

5: Give the new certificate template a name. Also we need to change some of the properties of the new template.

I have changed the validity period to 5 years and selected Publish certificate in AD and Do not automatically reenroll option.

6: Go to the Security tab and change the “Domain Computers” permissions to read and autoenroll the certificate.

7: Go to the Extensions tab and change the Application Policies to include both Client and Server Authentication.…

Setup SSL Certificates For vSphere Lab-Part-1-Configuring CA Server

This week I was looking at setting up a CA server to generate SSL certificates for use in my vSphere home lab. Self-signed certificates usually work in a lab environment, but it’s good to know how to work with signed certificates, because in production environments organizations don’t use self-signed certificates and rely on SSL certificates bought from a 3rd party like Thawte or Verisign.

Having your own CA is useful for testing SSL and other services that require certificates without the need to purchase certificates from a third party. However, these certificates will not be automatically trusted by computers external to your AD domain, so there are some limitations.

In this post I am going to share the steps needed to configure a Windows 2008 R2 Server as Certificate Authority.

Prerequisites

  • Active Directory Domain already setup and configured
  • Server 2008 installed and joined to domain

Let’s begin with configuring Server 2008 as a CA server.…

Configuring Port Binding Using CLI

In my last post, Configuring Multipathing for Software iSCSI Using Port Binding, we saw how to configure port binding and achieve multipathing for software iSCSI using the GUI. In this post we will learn how to achieve the same using the CLI.

I posted an article, Managing vSphere Network From Command Line, some time back, and we will be using some of its commands to configure the network first. So let’s begin.

1: Verify the number of uplinks available on the ESXi host

# esxcli network nic list

2: List all standard vSwitches along with their associated uplinks

# esxcli network vswitch standard list

So we have 3 uplinks on the ESXi host here: vmnic0, vmnic1 and vmnic2. Of these, vmnic0 is connected to vSwitch0 and provides the management network. We will create a new vSwitch and use vmnic1 and vmnic2 as uplinks to that vSwitch.

3: Create a standard vSwitch by name iscsi-vSwitch

# esxcli network vswitch standard add -v iscsi-vSwitch -P 256

4: Add vmnic1 and vmnic2 as uplink to “iscsi-vSwitch”

# esxcli network vswitch standard uplink add -u=vmnic1 -v=iscsi-vSwitch

# esxcli network vswitch standard uplink add -u=vmnic2 -v=iscsi-vSwitch

5: Make the uplinks active

# esxcli network vswitch standard policy failover set -a vmnic1,vmnic2 -v iscsi-vSwitch

6: Add 2 portgroups (iscsi-PG1 and iscsi-PG2) to iscsi-vSwitch

# esxcli network vswitch standard portgroup add -p=iscsi-PG1 -v=iscsi-vSwitch

# esxcli network vswitch standard portgroup add -p=iscsi-PG2 -v=iscsi-vSwitch

7: Associate the uplinks with the correct portgroups

# esxcli network vswitch standard portgroup policy failover set -a vmnic1 -p iscsi-PG1

# esxcli network vswitch standard portgroup policy failover set -a vmnic2 -p iscsi-PG2

8: Create the VMkernel interfaces and associate them with the portgroups iscsi-PG1 and iscsi-PG2

# esxcli network ip interface add -p iscsi-PG1 -i vmk1

# esxcli network ip interface add -p iscsi-PG2 -i vmk2

# esxcli network ip interface ipv4 set -i vmk1 -I 192.168.0.161 -N 255.255.255.0 -t static

# esxcli network ip interface ipv4 set -i vmk2 -I 192.168.0.162 -N 255.255.255.0 -t static

9: Enable and Configure the iSCSI Software Adapter

# esxcli iscsi software set -e true

10: Configure IP addresses of the iSCSI targets

# esxcli iscsi adapter discovery sendtarget add -a 192.168.0.90:3260 -A vmhba33

Configure Port Binding

11: Bind the VMkernel network adapter to the iSCSI adapter

# esxcli iscsi networkportal add --nic vmk1 --adapter vmhba33

# esxcli iscsi networkportal add --nic vmk2 --adapter vmhba33

Note: Binding details can be verified by using the following command:

# esxcli iscsi networkportal list --adapter vmhba33
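
The steps above, generalised to any number of uplinks, as an added example that is not part of the original post: the function only prints the esxcli commands (same flags as in the post) so they can be reviewed before being run on the host, and it rejects a plan that reuses an uplink, VMkernel interface or IP address. The function name and the uplink:vmk:ip argument format are assumptions of this sketch; the discovery-target step is left out.

```shell
#!/bin/sh
# Added example, not from the original post: prints (does not run) the esxcli
# commands for port binding over N uplinks, using the flags shown in the post.
plan_port_binding() {
    if [ "$#" -lt 5 ]; then
        echo "usage: plan_port_binding VSWITCH ADAPTER NETMASK uplink:vmk:ip uplink:vmk:ip ..." >&2
        return 1
    fi
    vswitch=$1; adapter=$2; netmask=$3
    shift 3
    seen=" "; uplinks=""; n=0
    for t in "$@"; do
        case "$t" in
            ?*:?*:?*) ;;
            *) echo "bad triple '$t', expected uplink:vmk:ip" >&2; return 1 ;;
        esac
        nic=${t%%:*}; rest=${t#*:}; vmk=${rest%%:*}; ip=${rest#*:}
        # Each path needs its own uplink, VMkernel interface and IP address.
        for v in "$nic" "$vmk" "$ip"; do
            case "$seen" in
                *" $v "*) echo "'$v' is used twice" >&2; return 1 ;;
            esac
            seen="$seen$v "
        done
        uplinks="${uplinks:+$uplinks,}$nic"
    done
    echo "esxcli network vswitch standard add -v $vswitch -P 256"
    for t in "$@"; do
        echo "esxcli network vswitch standard uplink add -u=${t%%:*} -v=$vswitch"
    done
    echo "esxcli network vswitch standard policy failover set -a $uplinks -v $vswitch"
    for t in "$@"; do
        n=$((n + 1)); pg="iscsi-PG$n"
        nic=${t%%:*}; rest=${t#*:}; vmk=${rest%%:*}; ip=${rest#*:}
        echo "esxcli network vswitch standard portgroup add -p=$pg -v=$vswitch"
        # One active uplink per portgroup: the override that port binding relies on.
        echo "esxcli network vswitch standard portgroup policy failover set -a $nic -p $pg"
        echo "esxcli network ip interface add -p $pg -i $vmk"
        echo "esxcli network ip interface ipv4 set -i $vmk -I $ip -N $netmask -t static"
    done
    echo "esxcli iscsi software set -e true"
    for t in "$@"; do
        rest=${t#*:}
        echo "esxcli iscsi networkportal add --nic ${rest%%:*} --adapter $adapter"
    done
}

# Constructed sample input: the values used in the post.
plan_port_binding iscsi-vSwitch vmhba33 255.255.255.0 vmnic1:vmk1:192.168.0.161 vmnic2:vmk2:192.168.0.162
```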

iSCSI Re-login

If you already have an established iSCSI session before the port binding configuration, you can remove the existing iSCSI sessions and log in again for the port binding configuration to take effect.…

Configuring Multipathing for Software iSCSI Using Port Binding

In this post we will learn how to achieve multipathing when using software iSCSI adapters to connect to Storage Array.

What is Multipathing?

Multipathing is having more than one path to storage devices from your server. At a given time, more than one path is used to connect to the LUNs on the storage device. It provides the ability to load-balance between paths when all paths are present and to handle failures of a path at any point between the server and the storage. Multipathing is a de facto standard for most Fibre Channel SAN environments.

Multipathing for software iSCSI

For environments that use software iSCSI to connect to a storage array, multipathing is possible at the VMkernel network adapter level, but it is not the default configuration. The default iSCSI configuration creates only one path from the software iSCSI adapter (vmhba) to each iSCSI target.

To enable failover at the path level and to load-balance I/O traffic between paths, we have to configure port binding to create multiple paths between the software iSCSI adapters on ESXi servers and the storage array.…

Diving Deep into VMware Fault Tolerance

Today I was reading a whitepaper on VMware FT and came across some cool facts. In this post I am going to share some excerpts from that whitepaper.

Server virtualization has become very popular and has grown very fast in the last few years, and enterprises have started to use virtualization more and more to gain the benefits it provides, such as:

1: Higher server consolidation ratios.

2: Better resource utilization (Using DRS).

3: Lower power consumption (Leveraging DPM).

4: Increased workload mobility via technologies such as vMotion and svMotion.

Features such as Distributed Resource Scheduler (DRS) and Distributed Power Management (DPM) are giving organizations the flexibility to go for an even higher consolidation ratio than ever before. DRS is now a very trusted feature and almost all organizations are happy to use it in fully automated mode, which was not the case earlier when DRS was introduced by VMware.

DRS and DPM complement the hardware evolution trends by applying dynamic resource allocation to lower the capital and operating costs in a datacenter.…

ESXi Configuration Backup- Free tool for your lab

This week I decided to test some software which can take a configuration backup of my ESXi hosts and possibly vCenter Server as well. I found one very good tool named ESXi Configuration Backup. I will demonstrate how to use this tool here. It can be pretty handy for lab environments and also for small environments where you don’t have a large number of ESXi hosts.

ESXi Configuration Backup is a tool which can back up multiple ESXi host configurations. It can also back up the vCenter Server database if the database and vCenter are installed on the same machine. There is a default retention policy set up for 2 weeks.

We can also create a Windows scheduled task to automate the backup, or go with the manual method.

Following are the features of the ESXi Configuration Backup tool:

  • Automatically backup multiple ESXi 4, 5 and 6 configurations.
  • Backup of any local Microsoft SQL Databases.

VMware vCenter Multi-Hypervisor Manager (MHM)

VMware vCenter Multi-Hypervisor Manager (MHM) is a vCenter component that provides an integrated platform for managing VMware and third-party hypervisors from a single interface.

The list of supported hypervisors can be summarized as below:

  1. Microsoft Hyper-V Server 2012
  2. Microsoft Hyper-V for Windows Server 2012
  3. Microsoft Hyper-V Server 2008 R2
  4. Microsoft Hyper-V for Windows Server 2008 R2
  5. Microsoft Hyper-V for Windows Server 2008

MHM supports heterogeneous hypervisors in VMware vCenter Server and lets administrators choose which hypervisor meets a specific business unit’s needs within an organization. When a third-party host is added to vCenter Server, all virtual machines (VMs) that exist on the host are discovered automatically and added to the third-party hosts inventory. Administrators can modify permissions, adjust server configurations, provision new VMs, migrate VMs from Hyper-V to ESXi and power hosts off and on.

Operations Supported by MHM:

  • Manage Hyper-V hosts and virtual machines (VMs) from vCenter.

Understanding CPU Over Commitment

Over commitment, in its simplest terms, means allocating more resources to virtual workloads than what is available at the physical level. The most common resources that are over committed are memory and CPU.

A simple example of over commitment is running 3 VMs, each with 4 GB RAM, on an ESXi host which has only 8 GB RAM. In this case we have allocated 12 GB RAM to all VMs collectively, but at the physical level (ESXi host) we have only 8 GB RAM available.

It is a general belief by most novice VMware admins that allocating more resources to virtual machines means better performance. When I started working with VMware I also used to think in the same way.

It was in the vSphere Optimize and Scale training that I learned this is not true and how over commitment can badly affect VM performance.

In this post I am trying to demonstrate the negative effects of CPU over commitment.…

vCenter Orchestrator (vCO) 5.5-Part-2-Executing Workflow using vCO

In part-1 of this series we have configured the vCO settings and added vCenter Server where we will be executing the workflows from vCO.

In this part we will see how to use vCO to execute the workflows. A lot of pre-defined workflows are already integrated in vCO and you can import or create your custom workflows as well.

If you have missed the earlier posts of this series, click on the link below to get started:

Part-1-Installing & Configuring vCO

Login to vSphere Web-Client to get started

1: Open your web-browser and type https://vCenterFQDN:9443/vsphere-client/

2: We will find our vCO server under the vCenter Orchestrator plug-in.

3. Let’s start with a very basic workflow of creating a new VM.

Click Workflows and expand the Library to see all the pre-configured workflows.
Expand vCenter –> Virtual Machine Management –> Basic
Right click “Create simple virtual machine”

4. A new window will pop up where you have to provide the inputs.…

vCenter Orchestrator (vCO) 5.5-Part-1- Installing & Configuring vCO

vCenter Orchestrator (vCO) is a cool product from VMware which allows you to create tasks and automated workflows which can be run directly within the vSphere Web Client or the vCenter Orchestrator Client.

vCO brings automation to the next level and helps admins and engineers to orchestrate and integrate their cloud with the rest of their management systems.

There are a number of pre-made workflows integrated in vCO to get you started. Almost any task that can be performed in vCenter can be automated through vCO. With the use of AD integration, APIs and other 3rd-party plugins, vCO becomes more powerful and can save a lot of time for VMware admins.

Workflows can be anything from simple workflows that contain a single task to say create a virtual machine, to complicated workflows containing many tasks that might build an entire solution and integrate with 3rd party plugins.

vCO is included with vCenter Server and it’s free!…