In my Lab deployments of NSX I’ve come across an issue whereby logging into the vSphere Web Client with authorized accounts results in the inability to manage NSX via the Networking and Security Plugin. If an account doesn’t have access to administer NSX you will see the 0 NSX Managers reported in the Web Client
Posting a very quick fix to an issue that I have seen pop up during all my installs to date of PernixData FVP Management Server (v2.x) whereby the Management Server Service Fails to start after a successful install. Once the install completes successfully if you go to the vCenter Web or VI Client to start
Received an email this morning from Veeam letting me know that a zero day patch was available that addresses the CBT Bug mentioned in my previous New Feature Post and highlighted by Luca here: You are receiving this because our records indicate that you have downloaded Veeam Backup & Replication v8 RTM build. VMware disclosed a Changed Block
Last Friday Veeam released version 8 of their Backup and Replication product and like the previous releases the features keep on coming with improvements to an already rock solid backup platform continuing. Most exciting from my point of view is the debut of Veeam Cloud Connect which I have been lucky enough to be beta testing
In my Lab deployments of NSX I’ve come across an issue whereby logging into the vSphere Web Client with authorized accounts results in the inability to manage NSX via the Networking and Security Plugin. If an account doesn’t have access to administer NSX you will see the 0 NSX Managers reported in the Web Client as shown below.
There isn’t a lot of detailed guidelines at the moment as to what needs to be configured in the NSX Manager and Web Client Plugin to grant access to users other than the specified NSX service account and SSO Administrator. I’ve found that NSX loves FQDNs when configuring user access especially if logging in with Domain Accounts.
Configuring NSX Management Service:
Log into the NSX Manager and go to Manager -> NSX Management Service where you configure the Lookup Service and vCenter Server connectivity. While I’ve seen example configs using IP addresses for the Lookup Service and vCenter Server I’d suggest using a FQDN/DNS Names for production deployments…But more importantly I’ve discovered that using the UPN format for User Names works best when using Domain Accounts for admin.
Most important configuration item here is using the UPN for the vCenter User Name…in my case I use a dedicated service account called service.nsx. Using the UPN and adding the domain part of the user name acts like a default domain for when logging into the Web Client with Domain Based accounts. With the full UPN configured you only need to enter in the first part of the user account when logging in.
Configuring User and Group Permissions:
After you have configured the Lookup and vCenter Connectivity in the NSX Manager, jump over to the Web Client and login with the service account as shown below:
With this account you will have access to Administrator NSX and add new Users and Groups. Click on the Networking & Security Inventory Tab and in the left pane click on the IP of the NSX Manager. In the Middle Pane click on Manage and then the Users Tab.
If you have upgraded from a vShield Manager all the previous user accounts are carried across however if you login with that format carried over you will see 0 NSX Managers listed. For individual users delete the existing entries and re-create them with their full UPN account details. As highlighted below the users shown next to the red arrow will not have the correct rights to administer NSX…The re-created accounts next to the green arrow will be able to login and have management rights.
For Group config, the same applies…use the [email protected] format and all members of the group will be able to login.
Just to finish off, there is an official VMwareKB here on the issue. However it only talks about the configured users having appropriate vCenter Permissions.
- Log in to the NSX Manager via the Web UI.
- Click Manage vCenter Registration.
- Navigate to COMPONENTS > NSX Management Service.
- Ensure that vCenter Server is configured correctly.
Posting a very quick fix to an issue that I have seen pop up during all my installs to date of PernixData FVP Management Server (v2.x) whereby the Management Server Service Fails to start after a successful install.
Once the install completes successfully if you go to the vCenter Web or VI Client to start configuring your FVP Clusters you will find that the Plugin is not listed. Checking back on the management server the PernixData FVP Management Server Service will be in a stopped state.
If you try and start the service you get an error saying the service did not start due to a logon failure.
Which is confirmed in the Windows System Event Log.
What appears to happen is that the password specified for the service account during the FVP Manager Install doesn’t seem to get passed through to the system correctly and the fix is to simply re-enter the service account password under the Log On Tab of the Service.
Once done, the next attempt to start the service will be successful and you can start to configure the FVP Clusters.
My password had a couple of special characters which usually is the problem with passwords being interpreted by installers incorrectly…in this case I had a ^ at the start of the password and while I couldn’t find anything specific on the PernixData KB Site relating to it the fix is logical enough that most should be able to work it out…if not, hope to have saved you some time.
You are receiving this because our records indicate that you have downloaded Veeam Backup & Replication v8 RTM build.
VMware disclosed a Changed Block Tracking (CBT) bug that caused us to create a new Veeam Backup & Replication v8 build to cover this issue. If you previously installed the RTM build (within the last 2 weeks) for Partner preview purposes, you have a couple of options.
Install this “Day 0″ patch to take your RTM build installs up to GA build code level.
Above is the Partner Link, but those who need to update are more than likely partners in any case…Those running Veeam Backup & Replication v8 RTM build (22.214.171.1247) will be taken to v8 GA build (126.96.36.1997) code level.
Great work by the Veeam Dev team to push this through proactively and circumvent the bug!
Last Friday Veeam released version 8 of their Backup and Replication product and like the previous releases the features keep on coming with improvements to an already rock solid backup platform continuing.
Most exciting from my point of view is the debut of Veeam Cloud Connect which I have been lucky enough to be beta testing since June of this year. As a Veeam 8 Cloud Connect Launch partner i’ve had my hands on two betas and an RC of the new version to get a good early look at. And while I focused on Cloud Connect below are a couple of the standout features of v8 i’d like to highlight.
Backup I/O Control:
Ensures workload’s availability by reducing the impact of backup and replication
jobs on production VMs running on the same storage where backed-up VMs reside by monitoring the production datastore read latency and controlling job I/O to keep the latency acceptable limits. Backup I/O Control works in conjunction with Automatic Load Balancing to ensure no new intensive tasks such as virtual disk backup, restore or snapshot removal are assigned to the same datastore if the datastore’s latency is above a user-defined first latency threshold.
To ensure that backups can complete under any circumstances, Backup I/O Control will always allow at least one active task per datastore, and will never throttle any given task to less than 10% of full I/O capacity.
As you can see above you need Enterprise Edition to use this feature.
Forever forward Incremental backup mode:
This is a new default backup mode creates forward incremental backups for all the following runs after the initial full backup, which always remains the oldest restore point in a full backup chain. When the retention policy needs to remove the oldest restore point, the job merges the oldest incremental backup into the full backup file, discarding any data replaced in the full backup file by this process.
Because forward incremental backup creation involves mostly sequential writes, the forever forward incremental backup mode reduces the time a VM runs off of a snapshot by up to 3x when compared to the reverse incremental backup mode. This prevents a VM snapshot from growing large and making its commit much faster reducing both backup window and load on production storage.
Job start time priority:
The backup infrastructure resource scheduler will now prioritize all jobs according to their start times, and attempt to finish any particular job as soon as possible once it has been started. This means that if you start multiple jobs at once, the scheduler will assign newly appearing processing resources to the job that started earlier, as opposed to assigning them between all running jobs. This approach ensures that the backed-up state of all VMs within the same job remains as close together as possible
This detects and automatically consolidates hidden VM snapshots to prevent production VMs from stopping due to datastores filling up. To detect hidden snapshots before exiting the jobs will physically scan datastores for snapshot files belonging to snapshots not registered in vSphere. If hidden snapshots are found, the job will attempt to automatically consolidate them. If the job fails to remove hidden snapshots due to locking, the job will log an event and exit, however a background system process will attempt to perform consolidation three more times every four hours in the hope that file locks will be removed. If these attempts fail Snapshot Hunter will stop trying, and a warning email will be sent to the global notification recipients urging them to take manual action.
Hot add improvements:
Backup proxies can now process multiple virtual disks of the same VM in parallel using hot add. This includes hot add backup, restore and replication (on both source and target proxy). Additionally, performance of operations can see an increase of up to a few times depending on the environment.
CBT Bug Fix:
As explained in this post from Luca Dell’Oca the bug that was discovered a few months back by VMware has been addressed by B&R being able to automatically reset CBT informations on a processed VM upon detecting a virtual disk configuration change.
Job Retry Suppression:
The last new feature is a small one, but one that’s handy for Service Providers. Previously if a job failed an email would be generated upon every failure and subsequent retry which tends to make customers edgy upon seeing backup failures.
As seen above there is a new checkbox in the SMTP Settings that lets you suppress notifications until the last retry…a nice touch!
Another vForumAU has come and gone and upon reflection it was possibly the best event I’ve attended since my first one back in 2011. This year the venue for vForumAU was Luna Park Sydney…partly due to the redevelopment of the Sydney Exhibition Center but chosen ultimately as the venue to Celebrate the 10th Australian vForum by the VMware ANZ team.
Prior to the event I held a lot of concern around the choice of venue, but I found myself commenting throughout the event that it ended up working brilliantly as a venue. My reservations where based around attending with Zettagrid as a Gold Sponsor wondering if we could get value out of a venue that may distract attendees due to the party atmosphere. In truth the opposite happened and not only was the Solutions Exchange filled for most of the two day event…overall there was a buzz around the venue. From an exhibitors point of view the feeling was that the relatively close confines of the Solutions Hall created a VMworld like environment and the sessions where well attended.
From a delegates perspective having been to VMworld (and tracked Barcelona Online) the content was nothing new for myself and a wider group of vExpert/vChampions …the only real new news was the worst kept secret in VMware ANZ circles around the Q1 2015 Launch of a vCloudAir Zone in Australia…and while the news about vCloudAir coming to ANZ wasn’t new I was a little surprised that the first site would be in Melbourne and not Sydney.
While I have mixed feelings about vCloudAir landing one thing I am glad to hear is VMware continuing to mention Service Provider Partners in the vCloudAir Network as viable and trusted alternatives to those that don’t see vCloudAir as a fit…again, the level of partner support VMware shows puts to shame Microsoft’s Azure strategy/reality both globally and regionally. I will be interested to see how vCloudAir goes against Azure and AWS over the next 12 months…the value proposition is fundamentally different and suits the majority of the Australian Market who have current investment in vSphere and ESXi.
The Solutions Exchange dominated by VMware Ecosystem Partners and once again new age storage dominated the floor. In all honesty the choice we have at the moment for storage is fantastic and its an exciting time to be vetting storage solutions with vendors. Zettagrid was the only Hybrid Cloud IaaS Provider in the room which was interesting, though there where a few other providers of managed cloud in the Cloud Pavilion…certainly the usual crew of providers where not out in force this year…not sure exactly what to make of that, but as someone who works for the most credentialed VMware Service Provider in Australia I’ll take it!
Apart from the above the two days was spent networking and mixing with members of the VMware Community and fun was had at the Party on Wednesday night…Luna Park made the event fantastic and for a moment there where a number of grown up nerds where taken back to their respective childhoods as you can see from the pics below.
Overall a great couple of days which was bookended by a brilliant vChampion Briefing Session where we where lucky enough to have Kit Colbert talk EUC futures and also had sessions on NSX by members of the local NSX Team and Ray Budavari. As vChampions we do get spoiled a little by KJ, Grant and the Team but the spirit and passion of the group to evangelize the technology is how we can repay VMware.
Though others might think we see the world through vRose Coloured Glasses the reality is there is no better Virtualization Stack from a maturity, reliability and innovation point of view…People commenting on VMware’s relevance diminishing due to the rise and rise of PaaS and other Cloud Technologies may need to step back and spend the time looking at what’s about to drop over the next 12-18 months…It’s going to be a great time for the industry and I’m going to enjoy the ride.