Tag Archives: vCD SP

Quick Fix: vCloud Director SP None of the Cells have a vCenter Proxy Service Running. SSL Protocol Fix

vCloud Director SP 8.20 was released a few weeks ago and I wanted to highlight an issue I ran into while testing of the BETA. I hadn’t come across this issue in previous versions of vCD and even though it relates to the fact I had a vCenter 5.5 I thought it worth a post now that 8.20 has GA’ed.

After I upgraded my cells I got the fairly common error message under the Cloud Cells section of the Manage & Monitor menu telling me that I didn’t have a vCenter Proxy service running. It’s something all vCD administrators would have seen over the years, so I did the usual troubleshooting step of going of reconnecting the vCenter under vSphere Resources. This didn’t work, so I did what comes naturally and cleared the Quartz Tables in the vCD database without any success.

Failed to connect to the vCenter. Please check if this is a valid vCenter server and the credentials are correct.

The NestedESXi lab was running vCenter 5.5 U3b and after a bit of searching I came across a post in the vCloud BETA forums relating to this issue:

Starting with VDC 8.20, the SSL protocol ‘TLSv1’ is no longer supported by default in the product for security reasons (as a server to serve the REST API request, but also as a client when talking to vCenter).
The version of vCenter you are running (please confirm which version), is older and probably only supports TLSv1.

Which explains the errors I also had been observing. Note that from 5.5 Update 3e and 6.0 Update 3 and later TLS v1.0 has been disabled and should be disabled.

Due to security concerns in the TLSv1.0 protocol, both Payment Card Industry (PCI) and BSI organizations have suggested to implement and enable TLSv1.1 or TLSv1.2, and move away from the use of TLSv1.0 as soon as possible

Even though it’s not suggested I needed to enable TLS v1 so that vCD SP 8.20 could connect to the vCenter. The following steps where done to enable TLSv1 which was based off this VMwareKB outlining why cells no longer enable SSL v3 by default and talks about a cell management tool command that configures the allowed SSL Protocols vCD uses during the handshake process with vCenter.

The SSL V3 protocol has serious vulnerability, described in CVE-2014-3566. As of vCloud Director 5.5.3, cells no longer enable SSL V3 by default for internal and external HTTPS connections. The vCloud Director cell management tool has been updated with a new subcommand that enables the system administrator to configure the set of SSL protocols that the cell offers to use during the SSL handshake process. This new subcommand has been made available in vCloud Director 5.5.3

Run the following command on the vCD cell in /opt/vmware/vcloud/bin/

./cell-management-tool ssl-protocols -d SSLv3,SSLv2Hello

After that is done restart the cell and check to make sure you have a listener and that vCenter is connected. If you run the ssl-protocols command with a -l flag it will show you what ssl-protocols are allowed. By default you should now only have TLS v1.1 and 1.2 enabled, but in my case I also needed v1.

Finally, it’s worth repeating that TLS v1 shouldn’t be used in production, but if you are still running older versions of 5.5 and 6.0 in your labs then this will help.

References:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2112282

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2145796

Released: vCloud Director SP 8.20 with HTML5 Goodness!

This week, VMware released vCloud Director SP version 8.20 (build 5070630) which marks the 8th Major Release for vCloud Director since 1.0 was released in 2010. Ever since 2010 the user interface give or take a few minor modifications and additions has been the same. It also required flash and java which has been a pain point for a long time and in someways unfairly contributed towards a negative perception around vCD on a whole.  It’s been a long time coming but vCloud Director finally has a new web UI built on HTML5 however this new UI is only exposed when accessing the new NSX integration which is by far and away the biggest addition in this release.

This NSX integration has been in the works for a while now and has gone through a couple of iterations within the vCloud product team. Initially announced as Advanced Networking Services which was a decoupled implementation of NSX integration we now have a fully integrated solution that’s part of the vCloud Director installer. And while the UI additions only extend to NSX for the moment it’s brilliant to see what the development team have done with the Clarity UI (tbc). I’m going to take a closer look at the new NSX features in another post, but for the moment here are the release highlights of vCD SP 8.20.

New Features:

  • Advanced Edge Gateway and Distributed Firewall Configuration – This release introduces the vCloud Director Tenant Portal with an initial set of controls that you can use to configure Edge Gateways and NSX Distributed Firewalls in your organization.
  • New vCloud Director API for NSX – There is a new a proxy API that enables vCloud API clients to make requests to the NSX API. The vCloud Director API for NSX is designed to address NSX objects within the scope of a vCloud Director tenant organization.
  • Role Administration at the Organization Level – From this release role objects exist in each organization. System administrators can use the vCloud Director Web Console or the vCloud API to create roles in any organization. Organization administrators can use the vCloud API to create roles that are local to their organization.
  • Automatic Discovery and Import of vCenter VMs – Organization VDCs automatically discover vCenter VMs that exist in any resource pool that backs the vDC. A system administrator can use the vCloud API to specify vCetner resource pools for the vDC to adopt. vCenter VMs that exist in an adopted resource pool become available as discovered vApps in the new vDC.
  • Virtual Machine Host Affinity – A system administrator can create groups of VMs in a resource pool, then use VM-Host affinity rules to specify whether members of a VM group should be deployed on members of a vSphere host DRS Group.
  • Multi-Cell Upgrade – The upgrade utility now supports upgrading all the cells in your server group with a single operation.

You can see above that this release has some major new features that are more focused on tenant usability and allow more granular and segmented controls of networks, user access and VM discovery. The Automatic VM discovery and Import is a significant feature that goes along with the 8.10 feature of live VM imports and helps administrators import VM work loads into vCD from vCenter.

“VMware vCloud Director 8.20 is a significant release that adds enhanced functionality.  Fully integrating VMware NSX into the platform allows edge gateways and distributed firewalls to be easily configured via the new HTML5 interface.  Additional enhancements such as seamless cell upgrades and vCenter mapping illustrate VMware is committed to the platform and to vCloud Air Network partners.”

A list of known issues can be found in the release notes and i’d like to highlight the note around Virtual Machine memory for the vCD Cells…I had my NestedESXi lab instances crash due to memory pressures due to the fact the VMs where configured with only 5GB of RAM. vCloud Director SP 8.20 needs at least 6GB so ensure your cells are modified before you upgrade.

Well done the the vCloud Director Product and Development team for this significant release and I’ll look to dig into some of the new feature in detail in upcoming posts. You can also read the offical vCloud Blog release post here. I’m looking forward to what’s coming in the next release now…hopefully more functionality placed into the HTML5 UI and maybe integration with VMwareonAWS 😉

References:

http://pubs.vmware.com/Release_Notes/en/vcd/8-20/rel_notes_vcloud_director_8-20.html

https://www.vmware.com/support/pubs/vcd_sp_pubs.html

https://blogs.vmware.com/vcloud/2017/02/vmware-announces-general-availability-vcloud-director-8-20.html

First Look: ManageIQ vCloud Director Orchestration

Welcome to 2017! To kick off the year I thought I’d do a quick post on a little known product (at least in my circles) from Red Hat Inc called ManageIQ. I stumbled across ManageIQ by chance having caught wind that they where soon to have vCloud Director support added to the product. Reading through some of the history behind ManageIQ I found out that in December of 2012 Red Hat acquired ManageIQ and integrated it into its CloudForms cloud management program…they then made it open source in 2014.

ManageIQ is the open source project behind Red Hat CloudForms. The latest product features are implemented in the upstream community first, before eventually making it downstream into Red Hat CloudForms. This process is similar for all Red Hat products. For example, Fedora is the upstream project for Red Hat Enterprise Linux and follows the same upstream-first development model.

CloudForms is a cloud management platform that also manages traditional server virtualization products such as vSphere and oVirt. This broad capability makes it ideal as a hybrid cloud manager as its able to manage both public clouds and on-premises private clouds and virtual infrastructures. This acts as a single management interface into hybrid environments that enables cross platform orchestration to be achieved with relative ease. This is backed by a community that contributes workflows and code to the project.

The supported platforms are shown below.

The October release was the first iteration for the vCloud provider which supports authentication, inventory (including vApps), provisioning, power operations and events all done via the use of the API provided by vCloud Director. First and foremost I see this as a client facing tool rather than an internal orchestration tool for vCAN SPs however given it can go cross platform there can be a use for VM or Container orchestration that SPs could tap into.

While it’s still relatively immature compared to the other platforms it supports, I see great potential in this and I think all vCAN Service Providers running vCloud Director should look at this as a way for their customers to better consume and operate vCD coming from a more modern approach, rather than depending on the UI.

Adding vCloud Director as a Cloud Provider:

Once the Appliance is deployed, head to Compute and Add New Cloud Provider. From the Type dropdown select VMware vCloud

Depending on which version of vCD SP your Service Provider is running, select the appropriate API Version. For vCD SP 8.x it should be vCloud API 9.0

Next add in the URL of the vCloud Director endpoint with it’s port…which is generally 443. For the username, you use the convention of [email protected] which allows you to login specifically to your vCD Organization. If you want to login at an admin enter in [email protected] to get top level access.

Once connected you can add as many vCD endpoints as you have. As you can see below I am connected to four seperate instances of vCloud.

Clicking through you get a Summary of the vCloud Zone with it’s relationships.

Clicking on the Instances you get a list of your VM’s, but this also has views for Virtual Datacenter, vApps and other vCD objects. As you can see below there is detailed views on the VM and it does have basic Power functions in this build.

I’ve just started to look into the power of CloudForms and have been reading through the ManageIQ automation guide. It’s one of those things that needs a little research plus some trial and error to master, but I see this form of cloud consumption where the end user doesn’t have to directly manipulate the various API endpoints as the future. I’m looking forward to how the vCloud Director provider matures and I’ll be keeping an eye on the forums and ManageIQ GitHub page for more examples.

Resources:

http://manageiq.org/docs/get-started/
http://manageiq.org/docs/reference/
https://pemcg.gitbooks.io/mastering-automation-in-cloudforms-and-manageiq/content/chapter1.html

OVFTool: vCloud Director OVA Upload PowerShell Script

Earlier this year I put together a quick and nasty PowerShell Script that exports a vApp from vCloud Director using the OVFTool …for those that don’t know the OVFTool is a command line tool that has a powerful set of functions to import/export VMs and vApps from vCenter, ESXi and vCloud Director weather it be from a vCloud Air or a vCloud Air Network Provider.

You can Download and install the tool from here:

This week I needed to upload an Virtual Machine that was in OVA format and for those that have worked with vCloud Director you would know that the OVA format is not supported using the upload functionality in the current web interface. With that I thought it was a good time to round out the export using OVTTool post with an import using OVFTool post. Again, doing some research I found a bunch of posts relating to importing OVAs into vCloud Director and after working through the Admin Guide and some examples I was ready to build out a basic import command and start work on the PowerShell Script. On Windows you can run the tool from CMD but I would suggest using PowerShell/CLI as in the example below I go through building a variable.

What Info is Required:

  • vCloud URL
  • vCloud Username and Password
  • Org Name
  • vDC Name
  • vApp Name
  • Catalog Name
  • Path to OVA

Command Line Example:

Below is a basic example of how to construct the vCloud String and use it as a variable to execute the tool.

PowerShell Script:

Again, I’ve taken it a step further to make it easier for people to import OVAs into vCloud Director and put together another, slightly improved PowerShell Script that I have coded in to work with my old companies vCloud Zones…though this can be easily modified to use any vCloud Air Network vCD endpoint.

The output of the script can be seen below:

It’s a very basic script that gathers all the required components that make up the vCloud Source Connection String and then exports the OVA into the vCD vApp. I’ve even done a little more PowerShell improvements around password security and added a little colour.

Save the code snippet as a .ps1 into the OFVTool Windows Folder and execute the script from the same location. If there are any errors with the inputs provided the OVFTool will fail with an error, but apart from that it’s a very simple straight forward way to import OVAs into any vCloud Director enabled endpoint.

Additional Reading:

http://www.virtuallyghetto.com/tag/ovftool

http://www.vmwarebits.com/content/import-and-export-virtual-machines-command-line-vmwares-ovf-tool 

vCloud Director SP 8.10.1 UI Additions – Boot Options

Last week VMware released vCloud Director SP 8.10.1 Build 4655197 and while it was mainly a patch release there was one new feature added which was a couple of additional UI settings under the General Tab of a Virtual Machine.

  • New boot customization options added to delay the boot time and to enter into the BIOS setup screen. You can use the vCloud Director Web console or the vCloud API to set Boot Delay and EnterBIOS mode options.

This might seem like a small and meaningless setting, but you would be surprised how many times I experienced customers frustrated at the fact they could not get into the BIOS easily via the VM Console or have a long enough boot delay to trigger a boot from alternative media option.

The previous General Tab looked like this:

The 8.10.1 General Tab looks like this:

You can see that you now have an check box to Enter BIOS Setup and set the Boot Delay. These settings follow the rules of vSphere meaning the Boot delay is in milliseconds and can only be modified if the Virtual Machine is powered off. I had this image open with the System Administrator account which explains why you see the a few more VM related bits of information telling you what Host and Datastore the VM is residing on and what the name of the VM is in vSphere.

Again, this is a simple but extremely useful addition but continues to show VMware’s commitment to improving the vCD platform even before the big UI enhancements start to filter through next year.

#LongLivevCD

Worth a Repost: Debunking Three Common Myths Around vCloud Director #LongLivevCD

It seems that all with all the announcements of late around VMware’s (re)shifting Hybrid Cloud strategy with Cross Cloud Foundation and VMware’s partnership with AWS people where again asking what is happening with vCloud Director. While vCD is still not available for VMware’s enterprise customers, the vCloud Director platform has officially never been in a stronger position. Those who where lucky to attend the various product team NDA and SIG sessions at VMworld US and Europe have an idea of not only whats coming…but also that there has been a serious ramp up in focus and development.

Those outside the vCAN inner circles probably didn’t know this and I still personally field a lot of questions about vCD and where it sits in regards to VMware’s plans. Apparently the vCloud Team has sought to clear the air about vCloud Director’s future and posted this fairly emotive blog post overnight. I’ve reposted the article below:

MythBusters: Debunking Three Common Myths Around vCloud Director

For while now, there’s been some speculation that VMware vCloud Director was no longer a priority for VMware – but that couldn’t be further from the truth. With the release of vCloud Director 8.10 this spring, VMware has doubled down on its dedication to enhancing the product, and we’ve even expanded our training program to keep pace with the evolving needs of its users.

Make no mistake, vCloud Director fits into VMware’s larger vision for the software defined data center (SDDC) now more than ever before. So let’s take the time to clear up a few of the biggest misconceptions out there today.

  • MYTH #1 – vCloud Director is End-of-Life or End-of-Support: Not at all! In May 2016, VMware released vCloud Director 8.10, the latest version of the product, in response to customer feedback and an industry-wide move to the hybrid cloud. New features in this release includes distributed resource scheduler affinity and anti-affinity for VMs and UI integration of NSX for heightened security. To get customers up to speed with the new release, our team has launched a free vCloud Director 8.10 Fundamentals eLearning course, and after VMworld Europe, we plan to expand these offerings through new vCloud Director Hands-on Labs via the VMware HOL Online portal. Later this month, we are also offering an extensive 5-day lab from October 31 – November 4, titled “vCloud Director 8.10: Install, Configure, Manage” that walks participants through the process of building a data center environment that leverages not only vCloud Director but also Virtual SAN and NSX.
  • MYTH #2 – Usage is Lagging: False! In fact, the opposite is true. Not only is usage of vCloud Director increasing, but it’s reaching new levels of growth.Look no further than Zettagrid, a cloud computing infrastructure as a service (IaaS) provider, which deployed vCloud Director to simplify data center provisioning. Or iland, an award-winning enterprise cloud infrastructure provider that uses vCloud Director to supply greater flexibility and customization to its clients. Furthermore, VMware continues to partner with members of its independent software vendor program group to catalogue and support the most recent products built by ISVs that are compatible with VCD through it through the VMware solution exchange. vCloud Director has proven itself a valued partner for customers across industries and hybrid cloud ecosystems, and version 8.10 only solidifies VMware’s continued commitment to the product and its users.
  • MYTH #3 – User Interface (UI) is Static: Wrong again. You spoke, and we listened. A change in direction from previous versions, the release of vCloud Director 8.10 demonstrated a commitment to the UI by exposing all features directly through the UI and achieving feature parity with the API. Features now available on the UI include storage profiling, tenant throttling, and self-service VDC templates that give vCloud Director a more robust and flexible platform for delivering IaaS solutions.

Through a combination feature updates that increase agility, new training opportunities, and an enhanced UI with heightened functionality, VMware continues to actively invest in the vCloud Director user experience. Rest assured, there’s more to come.

So overall, that’s a pretty blunt message from the vCloud Director SP Product team that..for the foreseeable future vCloud Director is here to stay and continue to be improved upon. Again, I’ll state with absolute fact that there is no more stable and mature multi-tenant cloud management platform in the market today for IaaS. Look out for the next BETA release and also for Alliance partners like Veeam building even stronger offerings on top of vCloud Director.

Rest assured, there’s more to come.

References:

MythBusters: Debunking Three Common Myths Around vCloud Director

 

Released – vCloud Director SP 8.0.2 Important Upgrade for Zerto Clients

Last week VMware released vCloud Director SP 8.0.2 Build 4348775. While there a a number of minor bug fixes in this release there is one important fix that will make service providers who offer replication services built upon Zerto happy, as it resolves a bug that had stopped many service providers upgrading from vCD SP 5.6.x. Apart from that there are only a couple new things in this build…that being an updated JRE version, some additional language support in the WebMKS console and probably of more importance is official support for NSX-v 6.2.4

 

As usual I’ve gone through the Resolved Issues list and highlighted the ones I feel are most relevant…the ones in red are issues we have seen in our vCloud Zones and Zettagrid Labs.

  • Intermittent failure of vCD vApp deployment
    When you attempt to deploy vApp either manually or through the vCO workflow, the deployment might fail with the following error:
    Could not find resource pool for placement of edge gateway.
  • Downloading a large vApp template as an OVF file from the vCloud Director fails
    Attemps to download a large vApp template as an OVF file from vCloud Director fails due to an operation timeout error in both vCloud Director and vCenter Server. This issue is seen when the size of the vApp template is greater than 100 GB.
  • vCloud Director Cell uses a high percentage of the CPU
    The vCloud Director cell uses more than 90 percent of the CPU. As a result, the vCloud Director workload is affected
  • During a heavy load, vCloud Director can have two or more VMs that have the same CloudUUID in the system
    During a heavy load, vCloud Director can have two or more VMs with the same CloudUUID in the system. This causes the Managed Object Reference (moref) of the VM to be overwritten by another VM. Due to the duplicated CloudUUID, a wrong VM might get deleted.
  • In the latest Mac version (OS X El Capitan), the Upload, or Download dialog box does not close correctly
    After you update your system to the latest Mac version (OS X El Capitan), when you attempt to upload a file from the data store the Upload, or Download dialog box does not close correctly.
  • vApp deployment from a template fails with certain direct organization VDC networks, when there are multiple direct organization VDC networks in a VDC that are mapped to the same external network
    When there are multiple direct organization VDC networks in a VDC that are mapped to a single external network, deploying a vApp from the template is possible with only one of these networks. The deployment fails when other networks are selected.
  • Edge gateway fails to deploy when a create request is invoked from the vCloud Director cell that does not have a vCenter Server proxy listener
    In a multi-cell vCloud Director setup, the Edge gateway creation is successful only when the create request is invoked from the vCloud Director cell that has a vCenter Server proxy listener.

Zerto vs VMware Standoff:

With regards to the Zerto issue, this bug actually exists in vCD SP 8.10 as well and will be resolved in an upcoming build later in November. There is a hotfix available if Service Providers want to deploy vCD SP 8.10 before the official release. There was a significant delay before this that impacted Zerto clients and to be honest it wasn’t handled well from both sides. Zerto claim to offer official support 90 days after the release of vCD however that was not possible and the finger was pointed at VMware to fix the bug rather than try to work around the issue.

“Creating or modifying a VM in vCD fails (VMware KB 2144385)” and Zerto is prevented from recovering into a vCD environment. 

That VMwareKB has been pulled back internally and there isn’t any specific reference to that issue in the release notes, however we do know and have confirmed that the bug has been resolved in this build and the upcoming 8.10 build. It highlights the fact that vendors who partner together in delivering solutions that rely on one an others solutions need to work together so as to not impact their mutual clients.

References:

http://pubs.vmware.com/Release_Notes/en/vcd/802/rel_notes_vcloud_director_802.html

NSX Bytes: vCloud Director Can’t Deploy NSX Edges

Over the weekend I was tasked with the recovery of a #NestedESXi lab that had vCloud Director and NSX-v components as part of the lab platform. Rather than being a straight forward restore from the Veeam backup I also needed to downgrade the NSX-v version from 6.2.4 to 6.1.4 for testing purposes. That process was relatively straight forward and involved essentially working backwards in terms of installing and configuring NSX and removing all the components from vCenter and the ESXi hosts.

To complete the NSX-v downgrade I deployed a new 6.1.4 appliance and connected it back up to vCenter, configured the hosts, setup VXLAN, transport components and tested NSX Edge deployments through the vCenter Web Client. However, when it came time to test Edge deployments from vCloud Director I kept on getting the following error shown below.

Checking through the NSX Manager logs there was no reference to any API call hitting the endpoint as is suggested by the error detail above. Moving over to the vCloud Director Cells I was able to trace the error message in the log folder…eventually seeing the error generated below in the vcloud-container-info.log file.

As a test I hit the API endpoint referenced in the error message from a browser and got the same result.

This got me thinking that the error was either DNS related or permission related. After confirming that the vCloud Cells where resolving the NSX Manager host name correctly, as suggested by the error I looked at permissions as the cause of the 403 error. vCloud Director was configured to use the service.vcloud service account to connect to the previous NSX/vShield Manager and it dawned on me that I hadn’t setup user rights in the Web Client under Networking & Security. Under the Users section of the Manage Tab the service account used by vCloud Director wasn’t configured and needed to be added. After adding the user I retried the vCD job and the Edge deployed successfully.

While I was in this menu I thought I’d test what level of NSX User was required to for that service account to have in order to execute operations against vCloud Director and NSX. As shown below anything but NSX or Enterprise Administrator triggered a “VSM response error (254). User is not authorized to access object” error.

At the very least to deploy edges, you require the service account to be NSX Administrator…The Auditor and Security Administrator levels are not enough to perform the operations required. More importantly don’t forget to add the service account as configured in vCloud Director to the NSX Manager instance otherwise you won’t be able to have vCloud Director deploy edges using NSX-v.

 

 

vCD SP 8.10 New Features Part 3 – Storage Tiering and Storage Management

vCloud Director SP 8.10 has been out for a couple months now and the general buzz around this release has been extremely positive. The decision to expose the previously API only features has been warmly welcomed by most vCloud Air Network Service Providers and I have heard of quiet a few looking to deploy or plan deployment of vCD SP 8.10 into their hosting platforms.

In Part One I went through the new NSX supportability improvements and in Part Two I went through the tenant ability to configure VM affinity and anti-affinity rules. In Part Three I am going to go through something that’s been available via the API since vCD 5.6.3 SP but is now exposed via the UI and also take a look at a new feature around the limiting of the max size of a tenant VMDKs in a vCD environment.

  • VM Disk Level Storage Profiles – Allows a single virtual machine (VM) to access different tiers of storage such as storage area network (SAN), network-attached storage (NAS), and local storage to help balance storage cost vs. storage performance. VMware vCloud Director 5.6 also supports VMware Virtual SAN.

Fast Provisioning:

Before showing the new UI Storage Profile features it’s worth mentioning that this will not work if you have vDCs configured with fast provisioning enabled. If you try to configure multiple profiles against a VM you will get a “Cannot use multiple storage profiles in a fast-provisioned VDC” error message.

Fast provisioning was introduced with vCloud Director 1.5 and enables speeding up a cloning process when deploying vApps from catalog or copying VMs. It utilizes vSphere linked clones where the base image is not cloned, instead a delta disk is created to record changed blocks.

Great in theory, but also carries some caveats…not allowing VM Disk level storage profiles being one of them. If turned on, head to the Storage Tab of the vDC and uncheck the option as shown below.

VM Disk Level Storage Profiles:

There isn’t a lot that needs explaining in terms of what can now be achieved through the UI to better provision and manage different storage requirements on a per VM disk basis. vCD Storage Profiles directly plug into vCenter Storage Policies and inherit the characteristics passed through from vCenter into vCD via the Provider vDC. These are then allocated to vDCs as shown in the image above. Generally speaking these policies map back to different tiers of storage and allow the Service Provider to offering different service levels at different price points.

As an example a tenant may have a requirement to have a large file server that doubles as a Domain Controller (it happens more than you think) for the System drive the requirements might state that you need SAS backed storage and SATA backed for a secondary volume. This can now be achieved through the vCD UI as shown below.

You can see above that Disk 0 is on ioSTOR-500 and Disk 1 is on ioSTOR-250. The example above is for the adding of new disks to a VM…you can also change the Storage Profile while a VM is on. This will trigger a Storage vMotion in the background if required as shown below.

Limiting Maximum Disk Size:

There are some scenarios where a Service Providers might want to limit the max size of tenant VMDKs in order to comply with capacity planning requirements or storage level constraints. The current max size for a VMDK in vSphere is 62TB and being realistic there are not too many Service Providers out there who provision datastores that size. Typically, the storage limits applied at an allocation pool should limit the creation of stupidly large disks by tenants, but there is the possibility that someone with deep pockets purchasing large amounts of storage could try to provision a VM (thin or not) Disk larger than the datastores underpinning the storage policy.

To set the global disk limit you use the cell-management-tool command on any vCD cell in the instance. Once run the value is honors immediately and without restart of the vCD services as shown in the example below that limits the disks to 500GB.

./cell-management-tool manage-config -n vmlimits.disk.capacity.maxMb -v 500000

Once configured, if a tenant tries to provision a disk bigger than the limit they will get an error stating that the “Requested disk size exceeds maximum allowed capacity“.

References:

https://fojta.wordpress.com/tag/fast-provisioning/

http://pubs.vmware.com/Release_Notes/en/vcd/8-10/rel_notes_vcloud_director_8-10.html

Sneak Peek – Veeam 9.5 vCloud Director Self Service Portal

Last month Veeam announced that they had significantly enhanced the capabilities around the backup and recovery of vCloud Director. This will give vCloud Air Network Service Providers the ability to tap into a new set of RESTful APIs that adds tenanted, self service capabilities and be able to offer a more complete service that is totally controlled and managed by the vCloud tenant.

As part of the Veeam Vanguard program, I have been given access to an early beta of Veeam v9.5 and have had a chance to take the new functionality for a spin. Given the fact this is an very early beta of v9.5 I was surprised to see that the installation and configuration of the vCloud Director Self Service functionality was straight forward and like most things with Veeam…It just worked.

NOTE: The following is based on an early access BETA and as such features, functions and menu items are subject to change.

Basic Overview:

The new vCloud Director integration lets you back up and restore single VMs, vApps, Organization vDC and whole Organization. This is all done via a web UI based on Veeam Backup Enterprise Manager. Only vCD SP versions are compatible with the feature. Tenants have access to Self-Service web portal where they can manage their vCloud Director jobs, as well as restore VMs, files and application items within their vCloud Director organization.

The Service Provider exposes the following URL to vCD tenants:

https://Enterprise-Manager-IP/vcloud/OrgName:9443

As shown in the diagram below Enterprise Manager than talks to the vCloud Director Cells to authenticate the tenant and retrieve information relating to the tenant vCloud Organization.

Configuring a Tenant Job:

Anyone who is familiar with Veeam will recognize the steps below and the familiar look of the menu options that the Self Service Portal provides. As shown below the landing page once the tenant has authenticated is similar to what you see when logging into Enterprise Manager…in fact the beauty of this portal is that Veeam didn’t have to reinvent the wheel…they just retrofited vCD multi-tenancy into the views.

To configure a job click on the the Jobs Tab and hit the Create Button.

Give the Job a Name and set the number of restore points to keep.

Next select the VMs you want to add to the Job. As mentioned above you can add the whole Org, vDC, vApp and as granular as per VM.

Next select any Guest Processing you want done for Application Aware backups.

And then set the Job Schedule to you liking.

Finally configure email notification

Once that has been done you have the option to Run the Job manually or wait for the schedule to kick in. As you can see below you have a lot of control over the backup job and you can even start Active Full Jobs.

Once a job has been triggered you have access to view logs on what is happening during the backup process. The details is just as you would expect from the Veeam Backup & Recovery Console and keeps tenant’s informed as to the status of their jobs.

More to Come:

There is a lot more that I could post but for the moment I will leave you all with that first sneak peak. Once again Veeam have come to the party in a big way with this feature and every service provider who run vCloud Director should be looking at Veeam 9.5 so as to enhance the value of their IaaS offering.

#LongLivevCD

« Older Entries