Monthly Archives: September 2012

How To: Setting Up Nagios User for ESXi

Unless my Google skills are seriously on the decline I wasn’t able to find a definitive post on correctly setting up a nagios user to facilitate esx_checks for monitoring systems such as OpsView and similar Nagios based systems.

For our ESXi monitoring we have chosen to use the OS – vSphere Service Checks. Post here on how to get the OpsView side going. Having a look at the checks in OpsView, you see the following checks are used:

nagios_check_1

Our current ESXi 4.1 hosts were working a treat, and this being my first time adding new hosts to the monitoring set, I was confronted with the following errors via Nagstamon:

nagios_check_2

So, to get the reporting up, the following actions need to be taken on the ESXi host.

  • Log into the host directly with the VI Client
  • Go to the Local Users & Groups Tab
  • Add/Modify the nagios user and set the password
  • Add the user to the users group and click ok
  • On the Permissions tab, add a new permission for the nagios user as Read-Only.

nagios_check_3

nagios_check_4

If you want you can run the commands to test access directly from the cli of the OpsView system.

Alerts are gone and we are good to move onto the next job…finally!

How-To: vCenter 5.1 SSO Adding AD Identity Source


The SSO Component of vCenter 5.1 throws a couple of spanners in the works with regards to a straightforward upgrade of an existing vCenter install. While not overly complicated in terms of understanding what and how the SSO Service fits into the 5.1 puzzle, I found that it did add a couple of additional configuration steps that were not expected during and after the upgrade process. There are a heap of resources out there already on the end to end install of the SSO…be it a Simple Server install or a multi-server HA set-up, but your best bet is to catch up on the official VMware Documentation here.

EDIT: @VMwareKB vSphere Blog SSO Help Page http://t.co/9y20Kk22

In my environment we already employed AD authentication by way of Group Membership that dictated access to the vSphere Datacenters and Clusters. This was well established and working without too much hassle. My first attempt at the vCenter 5.1 upgrade yielded mixed results with the SSO, but lesson learnt was that I made the mistake of being too eager to jump into the upgrade without RTFM!

What I am now calling an exercise in executing a roll-back plan came about because I didn’t bother to understand how the SSO component affects an existing set-up and also from not paying attention during the install. In truth, I thought the first upgrade failed to install SSO correctly as I was getting errors when trying to login and the Web Client wasn’t able to connect to the SSO service. A couple of points here are that I rushed through the “Error 29155 Identity source discovery error” which is referenced by KB 2034374 and I attempted to “fix” the service by messing with the SSO Service Log-on user configuration. In the end I got impatient and rolled back the vCenter SnapShot I had taken before upgrade and started again. (Side note: that actually worked ok even after 5.1 agents were deployed to hosts managed by the vCenter…after rolling back the snap the 5.0 agents were redeployed without hassle)

So, once 5.1 had been installed and all components have been upgraded, you need to add your AD LDAP profile as an Identity Source via the vCenter Web Client. Without this, your existing AD credentials will not be honoured.

Log into the vCenter Web Client with the credentials provided during setup:

sso_1

Click through Administration -> Sign-On and Discovery -> Configuration and click on the green + Button in the centre window pane.

sso_2

Collect all your relevant AD LDAP information and complete the set-up as shown below.

sso_3

If all the settings are correct you will get a positive Test Connection response.

sso_4

Now that you have your Identity Source configured you can add the new source to the default domains by clicking Add to default domains in the top bar and bump the new source to the top of the list in the bottom pane. This allows you to not have to enter the NETBIOS name of the domain during login, e.g. DOMAIN\username vs username.

Final thing to check now is to ensure that your previous Permissions based on AD groups are still in place relative to the vCenter, Datacenters, Clusters etc. As shown below, from this point forward you can configure access as you would have previously…the only change now is you have the option of selecting the Domain to reference.

sso_5

What this means is that, in theory, you could pull in external/client LDAP Identity Sources to use as authentication mechanisms on your vCenter…not sure it’s totally useful for vCenters, but can see this being extremely useful for management and automation layers like vCloud and vCOPs or even vCO.

VMworld – The EUC Revolution is Here

A few years ago there was a theory put forward by a certain Apple CEO that we were entering the Post PC Era…while I have never subscribed to that theory (which was affirmed by VMware CTO Steve Herrod at VMworld 2012) it’s obvious to see that the revolution is more based around the ways in which workers access their desktops, data and LOB applications. I think the fact that we have been inundated with iPhones, iPads, Galaxy Tablets and the like has had something to do with the misunderstanding of the Post PC Era.

The facts are that the PC will never disappear (for the foreseeable future anyways), and when I say PC…I don’t mean Windows, I also mean Apple and Linux desktops…as much as the fanboys would tell you otherwise, these are PCs. So let’s try to think about the Post PC Era as the End User Computing Revolution. This much better reflects what I believe is happening at the moment.

At VMworld we saw demos of Horizon Application Manager with AppBlast, Data (formerly Octopus) and the SSO experience for bringing external applications (be it SaaS or Hosted) all accessible and available via the one browser window. What this represents is the power of the browser and what can be achieved by getting the correct framework in place to deliver everything that was previously done on the desktop or externally via a provider through a private or hosted instance of Horizon.

app_manager_example

We are about to enter a world where SaaS is only part of the equation. Five or so years ago, many people were seeing SaaS as the ultimate solution for most SME/B’s whereby every key service and application is delivered by external providers. The power of virtualization has rebalanced the scales by way of allowing companies to look at deploying extremely scalable and cost effective private cloud solutions. The vCloud stack is as feature rich as it is malleable. There is no reason for all future installs of ESX and vCenter to include the vCloud management and automation layer…when you add the additional layer of DynamicOps, you start to have the building blocks for a client infrastructure that can seamlessly move workloads between private and partner hosted environments (and public if they so wish).

So what will impact the uptake of this shift? It’s really quite easy to work out…end user acceptance…Will a key decision maker at a company looking at their options fully comprehend what this shift entails? Will they understand the fundamental shift that translates an employee’s workspace from a decentralised mess of files, applications and external services to a logically presented single sign on experience? Will they understand the concept of the Self Service Experience when it comes to new or additional applications?

http://blogs.vmware.com/euc/2012/08/vmworld-2012-introducing-vmware-horizon-suite-the-integrated-platform-for-workforce-mobility.html – Post and Video By Vittorio Viarengo

Really, what it comes down to in order to ease decision makers and end users into this new EUC world is ensuring that integrators and service providers fully understand the technology themselves…that is, there needs to be a process whereby this technology and the concepts are properly delivered via a productization process.

Learn -> Productize -> Promote -> Sell -> Deliver

Internally, to deliver the EUC experience we are just undertaking the Learning stage, but it’s also my job as a technology evangelist to Promote and Sell the concepts. While I hate the term, there will come a time where we need to “Dogfood” the technology. Getting sales people, tech teams and select management onto an internal beta/UAT of a platform like Horizon is key to ensuring that the Promote, Sell and Deliver part of the equation can go smoothly.

When I close my eyes and think about how our SBM clients should be working in 12-18 months time I can picture a single user experience with the browser being central to deliver files, apps and the desktop. For me…there is no better platform than Horizon, and VMware will work hard to ensure partners/service providers will be positioned to deliver on the promise of the real revolution!

VMworld – Where is the Zephyr?

There were some pretty big announcements and reveals at VMworld 2012, but unless I missed something (which was totally possible had any announcement been made on Wednesday morning) nothing significant/direct was said of Project Zephyr, VMware’s public cloud offering. What is slightly confusing is that VMware have been very open in the beta for the vCloud Test Drive site (which is based on chargeback) and were offering $50 credits for VMworld attendees.

So where is Project Zephyr at?

If you ask anyone inside VMware (and I have tried on many levels) you get a very scripted company line response along the lines of “We don’t comment on rumours”. The most I have been able to get out of anyone is that it’s nothing to worry about for vCloud Service Provider Partners.

Initially I felt a strong sense of almost betrayal! After all the work VMware have done helping providers compete against other public cloud offerings (see my opening blog post), and always being about the partner cloud ecosystem, it felt like a shift in direction overnight…one which is obviously driven by the fact the big boys of Amazon, Azure, Google and to a lesser extent RackSpace have all taken significant chunks of the market space. Obviously Amazon is the biggest, but Azure and Google will start to flex muscle because of who they are.

With that I do understand VMware’s nervousness in the fact the vCloud ecosystem hasn’t grown as quickly as they would like, but I would argue that the pure public cloud space and where vCloud offerings sit are completely different market verticals, and therein lies my ultimate sense of ease with Project Zephyr if it eventuates. Extend that to my local market of Australia: we are only now just seeing RackSpace and Amazon show interest in availability zones locally to counter the huge data sovereignty issue that exists in Australia. The big boys aren’t really here yet and hopefully won’t get established for a long time. I also believe that Australian companies, be it a large corporate or an SMB, trust and like to do business with local providers with whom there is an existing strong relationship.

I’ve used this line internally a couple of times when discussing the threats of Office365 or Google Apps:

In our industry, consumers don’t buy on brand alone, they buy on relationships…if you own a strong customer relationship 9/10 they will go with your offering.

What I would ask of VMware is that, if Zephyr comes to light, they offset any potential partner unease by extending the provisioning and automation tools used for the public platform, by way of releasing a step-by-step framework with all relevant documentation and examples so that vCloud partners can easily provide the same level of functionality to their offerings.

The last point I want to make here is that, for me, the public cloud space is the domain of the developer. I’ve seen it locally here, where pure consumption based IaaS providers’ main client base is the developer community. Usually VMs are procured for dev/testing, and if applications are hosted off them it’s to burst out, or because they don’t require a significant backend such as MSSQL or Oracle. I only know of a couple of major sites (and no major corporation) that host with a pure Public Cloud provider.

This is where the vCloud Ecosystem can actually continue to thrive, especially in Australia, by way of ensuring that our platforms are the obvious choice for companies that want maximum flexibility, power and scalability, enhanced support and manageability, but also want to actually engage in partner relationships to maximize the service offerings. vCloud partners can differentiate; public clouds can’t.