Search Results for: Log Insight

Quick Post – VSAN and Log Insight Custom Alerting Example

Log Insight is one of those great VMware products that needs to get more airplay as it has quite a few applications other than a run of the mill log parser…in this post I’ll go through configuring a basic VSAN alert to detect disk failures. Once VSAN has been configured and deployed there is a new set of alerting parameters that VMware Admins need to be aware of that would usually be part of a traditional storage platform’s feature set. Like all storage we need to be made aware of any issues with the supporting hardware such as Storage Controllers and Physical Disks. VSAN 6.2 comes with an excellent Health Monitor that allows you to get a quick overview of a VSAN instance’s state and will alert through vCenter if any issues arise.

While vCenter Triggered Alerting is fine we had a situation recently where a failed disk was missed for a couple of days due to the default vCenter Alarming not being configured correctly. The only way we found out about the failed disk was by visually seeing the alert against the vCenter and then taking a look at the VSAN Health Analyzer. While vCenter monitoring is ok, I don’t believe it should be your only/primary source of monitoring and alerting.

Having done a few alerts in Log Insight before, I looked at what Log Insight could provide by way of logging through the recently released VSAN Content Pack.

Using the Diskgroup Failures menu on the VSAN Content Pack Dashboard I searched through to try and locate the previous disk failure. As shown below a Disk Permanent Error had been registered.

Clicking through to the Interactive Analysis on that event you get a more detailed view of the error and the search parameters of the specific log entry.

To create a custom alert that emails when a Permanent Disk Failure occurs I removed the search fields that related directly to the disk and host and clicked on the Create Alert Icon (Red Bell top left of the image).

As shown below configuring the alert is simple and there are a number of different hooks to use as methods of notification. One of the great things about using Log Insight to trigger Alert notification is the suppression mechanisms to stop alert floods.

Apart from creating custom alerts the VSAN Content pack comes with a number of pre-canned alerts that are disabled by default. To view and enable these click on the Manage Alerts button and filter for VSAN.

If you haven’t had a chance to look at Log Insight, take a look at the features page and if you own a vCenter license you already own a 25 OSI Pack of Log Insight.

References:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2144909

 

How-To: vCloud Director and Log Insight

Recently v2.0 of VMware Log Insight became GA, and I’ve been playing around with it since its release. Having been on the BETA of the 1.5 Version the 2.0 Version is streets ahead in terms of usability and completeness. Living day in and day out within vCloud Director I decided to look at hooking up the vCloud Cell Logs to Log Insight and create a basic Dash Board to assist us in working through vCD logs.

First up you need to SSH into your vCloud Cell and head to:

From there you want to edit the log4j.properties file. Probably worth making a backup of the file before the edit. Go to the bottom of the file and append the following, making sure to substitute the xxx.xxx.xxx.xxx on the second line below with the IP or hostname of your Log Insight Server.

You can see that we can control the level of logging being sent through to Log Insight by editing that last line and changing the threshold to WARN or CRITICAL. Once that section has been added, head back to the top of the file and modify line 2 as shown below

What we are doing there is adding the source we just configured in the first step. Save the file and restart the vmware-vcd service.

Load up the Log Insight Web GUI and go to the Interactive Analytics Page. If you hit search a couple of times you should start seeing vCloud Director related entries appear in the Events pane.

Click on the Add Filter Icon and sort by Source -> Contains and Enter in the host name of the vCloud Cell. Depending on the number of hosts you are logging the Cell may appear in the list as you click into the search box. Hit the Search button and you will see your filtered log entries in the events pane. To make for easier reading, I choose the Field Tab which makes reading the entries a little easier.

 

Finally we can create a basic Custom Dashboard to view cell log numbers over time. With the above Filter in play, click on the Add to Dashboard icon which is on the right hand side of the search button and give a name relating to the Cell. In the example below I already have a Dashboard created so it appears in the drop down list…otherwise you can create a new one from this window.

 

After clicking on Add you can go back to the Log Insight Dash Boards to view your creation.

 

Again, it’s a very basic display literally showing you the number of events in a period of time, however the usefulness here is that if you have to search for an event you can drill down and perform an Interactive Analysis with a little more accuracy.

Watch out for more Content Packs to Come out for Log Insight…the library will only grow and give more value add to this tool.

First Look: vRealize Network Insight (Arkin)

Last year Arkin burst onto the scene offering a solution that focused on virtual and physical deep network analytics. Arkin was recognised at VMworld 2015 by nearly taking out the best of show and fast forward twelve months, Arkin was acquired by VMware with the product later rebadged as vRealize Network Insight. One of the product’s main strengths that attracted VMware into making the acquisition was its tight integration into NSX by way of a simple and intuitive user interface that lets admins easily manage and troubleshoot NSX while offering best practice checks that can guide users through VXLAN and firewall implementations and alert them to any issues in their design and implementation of NSX.

Arkin removes barriers to SDDC adoption and operation by providing converged visibility, and contextual analytics across virtual and physical, an ability to implement newer security models such as micro-segmentation, and by ensuring application uptime, while letting IT collaborate better. The platform helps IT organizations plan, operate, visualize, analyze, and troubleshoot their complex software-defined data center environments.

As vRealize Network Insight the key benefits are:

  • East-west traffic analytics for security and micro-segmentation design
  • Control and tracking to meet audit and compliance requirements for virtual distributed firewalls
  • 360 Overlay-underlay visibility and topology mapping
  • Extensive 3rd party physical switch integrations
  • VXLAN to VLAN logical path mappings
  • Advanced NSX Operations Management
  • Natural language search and enhanced user experience for rapid troubleshooting

What I was surprised to find when I was able to dig into the product was that it offered more than just Network insights…in fact it offered surprisingly deep analytics and metrics for Hosts and Virtual Machines that rival most similar products out on the market today.

Installation Overview:

To install Network Insight you download two OVA’s from MyVMware and deploy the two appliances into vCenter. It’s got an interesting setup that’s shown below and after deployment you are left with two appliances, a Platform, and a Proxy that have the following specifications.

Platform OVA

  • 6 CPU cores (reservation 3072 MHz)
  • 32 GigaBytes RAM (reservation)
  • 600 Gigabytes HDD (thin provisioned)

Proxy OVA

  • 2 CPU cores (reservation 1024 MHz)
  • 4 Gigabytes RAM (reservation 4GB)
  • 100 Gigabytes HDD (thin provisioned)

A note before continuing…only Chrome is supported as a browser at this stage.

You start the install by deploying the Platform appliance…once the Platform OVA is deployed and the appliance VM settings have been configured you can hit the IP specified in the OVA deployment process and continue the installation.

After the license key has been validated you are then asked to Generate a shared secret that is used to pair the Platform with the Proxy appliance.

From here you can initiate the deployment of the Proxy appliance. During the OVA deployment you are asked to enter in the shared key before continuing to configure the appliance networking and naming. As shown below, the configuration wizard waits to detect the deployed Proxy appliance at which point the installation is complete and you can login.

The default username is [email protected] with a password of admin.

When you login for the first time you are presented with a Product Evaluation pop up letting you know you are in NSX Assessment Mode and that you can switch to Full Product Mode at the bottom right of the window. NSX Assessment Mode is an interesting feature that looks like it will be used to install Network Insight as part of an on boarding or discovery engagement and produce reports on what is happening inside an NSX environment.

In either mode you need to register at least one vCenter and, if in a site with NSX, register the NSX Manager as well. As mentioned in the opening you can also plug into a small subset of popular physical networking equipment such as Cisco, Arista, DELL, Brocade and Juniper.

Once the vCenter has been connected and verified you then have the option to select the vDS and PortGroups you want to have monitored. This enables Netflow (IPFIX) across all PortGroups selected…it does these changes live so be wary of any possible breaks in vDS traffic flow just in case.

Due to a rather serious PSOD bug in previous versions of ESXi when Netflow is enabled, the configurator blocks any host that doesn’t meet the minimum ESXi builds as shown below.

Below are the minimum requirements for Network Insight to be configured and start collecting and analyzing.

Infrastructure

  • vCenter 5.5 or above
  • ESXi 5.5, update 2 (build 2068190) and above
  • ESXi 6.0, update 1b (3380124) and above
  • NSX for vSphere 6.1 or greater
  • Netflow enabled on vDS

Reading through the FAQ, you get to learn about IPFIX and how it’s used with the vDS to collect network traffic data…it’s worth spending some time going through the FAQ however I’ve pulled an overview on how it all works below.

IPFIX is an IETF protocol for exporting flow information. A flow is defined as a set of packets transmitted in a specific timeslot, and sharing 5-tuple values – source IP address, source port, destination IP address, destination port, and protocol. The flow information may include properties such as timestamps, packets/bytes count, Input/output interfaces, TCP Flags, VXLAN Id, Encapsulated flow information and so on.

 

Network Insight uses VMware VDS IPFIX to collect network traffic data. Every session has two paths. For example: Session A↔C has A→C packets and C→A packets. To analyze the complete information of any session, IPFIX data about packets in both the directions is required. Refer to the following diagram where VM-A is connected to DVPG-A and is talking to VM-C. Here DVPG-A will only provide data about the C→A packets, and DVPG-Uplink will provide data about A→C packets. To get the complete information of A’s traffic, IPFIX should be enabled on DVPG-A and DVPG-Uplink.
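The point of the FAQ excerpt above, as an added example (not code from VMware, Network Insight or the original post): unidirectional flow records are stitched into sessions by 5-tuple, and every direction that no exporter reported is listed. The record fields, IP addresses, ports and counters are constructed for illustration; only the port group names DVPG-A and DVPG-Uplink come from the text.

```python
"""Stitch unidirectional flow records into sessions and flag one-sided ones."""
from ipaddress import ip_address
from typing import NamedTuple


class FlowRecord(NamedTuple):
    """One exported flow record (hypothetical, simplified field set)."""
    exporter: str   # port group whose IPFIX export produced this record
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: int   # IANA protocol number: 6 = TCP, 17 = UDP
    packets: int
    octets: int


def _order(endpoint):
    """Sort key ordering (ip, port) endpoints numerically, IPv4 before IPv6."""
    addr = ip_address(endpoint[0])
    return (addr.version, int(addr), endpoint[1])


def session_key(rec):
    """Return (key, forward): one key shared by A->C and C->A, plus direction."""
    src = (str(ip_address(rec.src_ip)), rec.src_port)
    dst = (str(ip_address(rec.dst_ip)), rec.dst_port)
    low, high = sorted((src, dst), key=_order)
    return (low, high, rec.protocol), src == low


def stitch(records):
    """Group records into sessions with separate counters per direction."""
    sessions = {}
    for rec in records:
        key, forward = session_key(rec)
        sess = sessions.setdefault(key, {
            "fwd": {"packets": 0, "octets": 0, "exporters": set()},
            "rev": {"packets": 0, "octets": 0, "exporters": set()},
        })
        side = sess["fwd" if forward else "rev"]
        side["packets"] += rec.packets
        side["octets"] += rec.octets
        side["exporters"].add(rec.exporter)
    return sessions


def missing_directions(sessions):
    """List (src, dst, protocol) for every direction no exporter reported."""
    missing = []
    for key in sorted(sessions):
        low, high, proto = key
        if not sessions[key]["fwd"]["exporters"]:
            missing.append((low, high, proto))
        if not sessions[key]["rev"]["exporters"]:
            missing.append((high, low, proto))
    return missing


# Constructed sample: VM-A (10.0.1.10) talks HTTPS to VM-C (10.0.2.20).
# As in the text, DVPG-A reports the C->A packets and DVPG-Uplink the A->C packets.
VM_A, VM_C = "10.0.1.10", "10.0.2.20"
FROM_DVPG_A = [FlowRecord("DVPG-A", VM_C, 443, VM_A, 49152, 6, 8, 5200)]
FROM_UPLINK = [FlowRecord("DVPG-Uplink", VM_A, 49152, VM_C, 443, 6, 10, 1400)]

if __name__ == "__main__":
    # IPFIX enabled on DVPG-A only: the A->C half of the session is invisible.
    print("DVPG-A only :", missing_directions(stitch(FROM_DVPG_A)))
    # IPFIX enabled on both port groups: the session is complete.
    print("both enabled:", missing_directions(stitch(FROM_DVPG_A + FROM_UPLINK)))
```

A non-empty result for a monitored VM means micro-segmentation rules derived from the flow data would be built from half of the conversation.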

That wraps up this post…I’ll be looking at doing a followup post that looks at the Network Insight user interface and what information about network traffic, flows and routing can be viewed and analysed as well as taking a look at the surprisingly good VM, Host and Cluster level metrics.

References:

http://www.arkin.net/

https://www.vmware.com/products/vrealize-network-insight.html

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-vrealize-network-insight-faq.pdf

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-vrealize-network-insight-user-guide.pdf

The Anatomy of a vBlog Part 2: Plugins, Site Optimizations and Analytics

Part 1 – Building a Blogging Platform

Having looked at hosting platform and operating system suggestions in Part 1, to conclude this two part series I’ll talk about how to make WordPress work harder for you through its plugin ecosystem as well as go through the site optimizations and caching improvements offered by CloudFlare. To finish off I’ll talk about GoSquared which is an external analytics engine that keeps track of site visitors and page views.

WordPress Plugins:

WordPress having been the defacto blogging engine for a number of years now has enabled a whole ecosystem of free and paid for plugins that are used to enhance the usability of your WordPress site. Think about these plugins similar to iOS Apps in that, just like the App Store they are easily searchable and installable from the Administration Plugin Menu and for better or worse…they are ultimately what keep you invested in the WordPress platform…just like Apps on the iPhone.

In terms of plugin management, the WordPress platform makes it easy to install, configure and upgrade all the plugins from the one menu page. Up to this point I haven’t had any major issues with the plugins I use. In terms of what plugins I use to help improve the readability, usability and socialability of the site, I’ve listed the plugins I consider core to this site below:

  • CloudFlare: Integrates your blog with the CloudFlare platform.
  • Crayon Syntax Highlighter: A Syntax Highlighter built in PHP and jQuery that supports customizable languages and themes.
  • GoSquared: Add GoSquared tracking code directly to your WordPress site.
  • Image Formatr: A simple plugin that goes through all the content images on posts & pages, and with zero user changes
  • Jetpack: Simplifies managing WordPress sites by giving you visitor stats, security services, speeding up images, and helping you get more traffic. Jetpack is a free plugin
  • Revive Old Post: Helps you to keep your old posts alive by sharing them and driving more traffic to them from social networks. It also helps you to promote your content.
  • Yoast SEO: Written from the ground up by Joost de Valk and his team at Yoast to improve your site’s SEO on all needed aspects

TIP: Take a look at what features paid for plugins offer over free ones. Just like any software, you will always find an open/free alternative. Some plugins will also come in a lite version with certain features locked to a paid for version.

CloudFlare Optimizations:

As a new blog is starting off the amount of traffic hitting the site is generally small so having the site directly exposed on the internet isn’t usually a problem, however as your site grows you may need to consider fronting the site with a caching or performance engine. Security should also be a consideration to help protect your blog against malicious attacks or code vulnerabilities and exploits.

In the early days of the internet Akamai dominated web geocaching services and a lot of the world’s largest high volume sites used them to improve user experience and protect origin servers from traffic spikes. CloudFlare offers similar services to Akamai, but they do things differently… Their story is worth a read to get an idea of where they came from and what they are trying to achieve. https://www.cloudflare.com/our-story

CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks. On average, a website on CloudFlare:

  • Loads twice as fast
  • Uses 60% less bandwidth
  • Has 65% fewer requests
  • Is way more secure

CloudFlare can be used regardless of your choice in platform. Setup takes most about five to ten minutes. Adding a website requires your domain’s DNS records to be hosted at CloudFlare (for free) and then make a couple of adjustments to the origin URL’s of your site and have the domain NS records point at CloudFlare’s name servers. A, AAAA, and CNAME records can have their traffic routed through the CloudFlare system. The core service is free and they do offer enhanced services for websites who need extra features like real time reporting or SSL.

As you can see below, CloudFlare offers a number of tweaking options, most of which are available on the free plan.

The efficiency in terms of bandwidth savings is also significant

The Firewall feature is also impressive and works to block IP addresses trying to cause issues and launch brute force attacks on sections of the WordPress site such as /wp-admin.

Having CloudFlare front your site is a no-brainer and given that there is a very feature-rich free version that is extremely effective it’s something to configure for all blogging sites, or to add to your existing site. For a look at the specific plan capabilities, click here.

TIP: Comment SPAM can be a significant PITA for bloggers, and in the early days I would spend ten to thirty minutes a week cleaning up unmoderated comments. With CloudFlare in play the amount of comment SPAM has dropped down to almost non-existent levels.

GoSquared Analytics:

GoSquared takes what JetPack does and elevates it to another level. This is one of the few external services that I have no trouble paying for because, as someone who loves numbers and trend analytics it delivers everything I need to keep tabs of what’s happening on the site. GoSquared offers real time stats on site visitors and as shown below gives you deep insights into not only, where people are visiting your site from, but a lot about what platform they are using to browse.

It works by downloading the WordPress plugin and entering the tracker code that in turn injects a bit of code onto every page from which the live tracking stats are received. They also have a free plan option, but it’s worth looking at the paid plans as your site grows.

https://www.gosquared.com/plans/

TIP: By looking at the site visit graphs you will start to get a feel for when your site is most accessed and from where the site visits occur. From this you will be able to deduce the best time for which to publish a new blog post.

Conclusion:

I hope this two part series has been helpful in breaking down the obvious and less obvious components of a blogging site and more specifically the Virtualization is Life! site that is running WordPress. As mentioned in Part 1, there is no right answer to what blogging platform is best, however my preference is to keep things under total control all while having a simple and efficient platform from which to create and distribute content. The tools that I have mentioned that go on top of the WordPress site are also vital in keeping things ticking over.

Hope this was useful for some!

VeeamON 2017 Wrap

VeeamON 2017 has come and gone and even though I left New Orleans on Friday afternoon, I just arrived back home…54 hours of travel, transit and delays has meant that my VeeamOFF continued longer than most! What an amazing week it was though for Veeam, our partners and our customers…The announcements that we made over the course of the event have been extremely well received and it’s clear to me that the Availability Platform vision that we first talked about last year is in full execution mode.

The TPM team executed brilliantly and along with the core team and the other 300 Veeam employees that were in New Orleans it was great to see all the hard work pay off. The Technical Evangelists’ main stage live demos all went off (if not for some dodgy HDMI) without a hitch and we all felt privileged to be able to demo some of the key announcements. On a personal note, it was a career highlight to be able to present to approximately 2000 people and be part of a brand new product launch for Veeam with Veeam PN.

From a networking point of view it was great to meet so many new people and put faces to Twitter handles. It was also great to see the strong Veeam Vanguard representation at the event and even though I couldn’t party with the group like previous years, it looked like they got a lot out of the week, both from a Veeam technical point of view and without doubt on the social front…I was living vicariously through them as they were partying hard in New Orleans.

VeeamON Key Announcements:

Availability Suite 10

  • Built-in Management for Veeam Agent for Linux and Veeam Agent for Microsoft Windows
  • Scale-Out Backup Repository — Archive Tier
  • NAS Backup Support for SMB and NFS Shares
  • Veeam CDP (Continuous Data Protection)
  • Primary Storage Integrations — Universal Storage Integration API
  • DRaaS Enhancements (for service providers)
  • Additional enterprise scalability enhancements

For me, the above list shows our ongoing commitment to the Enterprise but more importantly for me working on enhancing our platform so that our Veeam Cloud and Service Providers can continue to leverage our technology to create and offer cloud based Disaster Recovery and Backup services.

Product Announcements and Releases:

I have been lucky enough to work as the TPM lead on Veeam PN and I was extremely excited to be able to demo it for the first time to the world. I’ve written a blog post here that goes into some more detail around Veeam PN and if you want to view the main stage demo I’ve linked to the video in the last section…I start the demo at the 29th minute mark if you want to skip through.

vCloud Director Cloud Connect Enhancements:

As mentioned above we have enhanced core capabilities in v10 when it comes to Cloud Connect Replication and Cloud Connect Backup. Obviously, the announcement that we will be supporting vCloud Director is significant and one that a lot of our Cloud and Service Providers are extremely happy with. It just makes the DRaaS experience that much more complete and when you add that to the CDP features in the core platform which will allow for sub minute RPO’s for replica’s it firmly places Cloud Connect as the market leader in Replication as a Service technologies.

We also announced backup to tape features for Cloud Connect Backup which will allow Cloud and Service Providers to offload long term backup files to cheaper storage. Note that this isn’t limited to tape if used in conjunction with a Virtual Tape Library. Hopefully our VCSP’s can create revenue generating service offerings around this feature as well.

VCSP Council Meeting:

On Thursday, our R&D leads met with a select group of our top Cloud and Service Provider partners over a three hour lunch meeting which could have gone all day if time permitted. It was great to be on the other side of the fence for the first time and hear all the great feedback, advice and suggestions from the group. It’s encouraging to hear about how Veeam Backup & Replication had become the central platform for IaaS, Cloud Replication and Backup offerings and with the v10 enhancements I expect that to be even more the case moving forward.

Main Stage Recordings:

Wednesday and Thursday morning both saw main stage general sessions where we announced our new products and features along with keynotes from Sanjay Poonen and Mark Russinovich as well as co-CEO Peter McKay and co-founder Ratmir Timashev. They are worth a look and I’ve posted links to the video recordings below. Note that they are unedited and contain all change overs and wait times.

https://www.veeam.com/veeamon/live

Press Releases:

Released: NSX 6.2.3 – Packed Full Of New Features!

Last week VMware released NSX-v 6.2.3 Build 3979471 and it’s anything but your standard point release. Running through the list of the release notes this could have easily been a major dot release. In good news for vCloud Air Network Service Providers there have been some major enhancements to the Edge Services Gateways which adds availability and protocol enhancements as well as added general stability through bug fixes and security updates.

There has also been additional management and monitoring built into the Web Client and other UI enhancements. The new licensing features as previously discussed in this post have come into effect as of this build so you will now see the license type and number of licenses used for VXLAN and DFW in the Web Client under NSX Managers -> Summary

As this is a big release I am going to filter through the release notes and pick the best features and fixes as it pertains to Service Providers and highlight the ones that I feel improve the ability of SPs to deliver strong networking services based on NSX-v as part of their service offerings.

Web Client Additions:

As mentioned above there have been a few UI enhancements in the 6.2.3 release including a new NSX Dashboard (shown below) that provides visibility into the overall health of NSX components in one view, Traceflow Enhancement for Network Introspection Services and the Firewall rules UI now displays configured IP protocols and TCP/UDP port numbers associated with services.

Going through the upgrade from previous NSX versions I noticed a few other UI additions. Once the Controllers are upgraded you can now see Disk Latency of each controller disk. The Controllers are extremely disk sensitive so it’s good to see this worked into the UI.

In addition to that new installations of NSX 6.2.3 will deploy NSX Controllers with updated disk partitions to provide extra cluster resiliency. Previously log overflow on the controller disk might impact controller stability. If you upgrade to NSX 6.2.3 the Controller will retain their original disk layout.

I also noticed a Channel Health option in the Host Preparation Tab that shows the status of the NSX Host agents and there are some other UI additions letting you modify the UUID of the NSX Instance and modify the VXLAN Port which can be done under Logical Network Preparation -> VXLAN Transport.

NSX Edge Service Gateway Changes:

As mentioned there have been a number of enhancements to the NSX ESGs which have further added to the maturity of the Edge appliance and makes it even more attractive for use with vCloud Director offering Hybrid Networking solutions…or just as a web frontend for key internet services. IS-IS has also been removed as a routing protocol option under dynamic routing as support has been pulled. TLS 1.0 has been deprecated and there have been some Cipher support changes for the IPSec, SSLVPN and L2VPN.

  • New Edge DHCP Options: DHCP Option 121 supports static route option, which is used for DHCP server to publish static routes to DHCP client; DHCP Options 66, 67, 150 supports DHCP options for PXE Boot; and DHCP Option 26 supports configuration of DHCP client network interface MTU by DHCP server.
  • Increase in DHCP Pool, static binding limits: The following are the new limit numbers for various form factors: Compact: 2048; Large: 4096; Quad large: 4096; and X-large: 8192.
  • Edge Firewall adds SYN flood protection: Avoid service disruptions by enabling SYN flood protection for transit traffic. Feature is disabled by default, use the NSX REST API to enable it.
  • NSX Edge — Resource Reservation: Reserves CPU/Memory for NSX Edge during creation. Admin user can modify the CPU/Memory settings after NSX Edge deployment using REST API to configure VM appliances.
  • Change in NSX Edge Upgrade Behavior: Replacement NSX Edge VMs are deployed before upgrade or redeploy. The host must have sufficient resources for four NSX Edge VMs during the upgrade or redeploy of an Edge HA pair. Default value for TCP connection timeout is changed to 21600 seconds from the previous value of 3600 seconds.
  • Flexible SNAT / DNAT rule creation: vnicId no longer needed as an input parameter; removed requirement that the DNAT address must be the address of an NSX Edge VNIC.
  • Maximum number of NAT rules: For NSX Edge versions prior to 6.2, a user could configure 2048 SNAT and 2048 DNAT rules separately, giving a total limit of 4096 rules. Since NSX Edge version 6.2 onwards, a limit is enforced for the maximum allowed NAT rules, based on the NSX Edge appliance size: 1024 SNAT and 1024 DNAT rules for a total limit of 2048 rules for COMPACT edge. 2048 SNAT and 2048 DNAT for a total limit of 4096 rules for LARGE edge and QUADLARGE edge. 4096 SNAT and 4096 DNAT rules for a total limit of 8192 rules for XLARGE edge.
  • Logging is now enabled by default for SSL VPN and L2 VPN. The default log level is notice.
  • NSX Edge technical support logs have been enhanced to report memory consumption per process.

Other Key Features and Additions:

  • NSX Hardware Layer 2 Gateway Integration: expands physical connectivity options by integrating 3rd-party hardware gateway switches into the NSX logical network
  • New VXLAN Port 4789 in NSX 6.2.3 and later: Before version 6.2.3, the default VXLAN UDP port number was 8472. See the NSX Upgrade Guide for details.
  • Firewall — Granular Rule Filtering: simplifies troubleshooting by providing granular rule filters in UI, based on Source, Destination, Action, Enabled/Disabled, Logging, Name, Comments, Rule ID, Tag, Service, Protocol.
  • Guest Introspection — Windows 10 support
  • SSL VPN Client: Mac OS El Capitan support
  • Service Composer — Performance Improvements: enables faster startup/reboot of NSX Manager by optimizing synchronization between security policy and firewall service, and disabling auto-save of firewall drafts by default
  • VMware vRealize Log Insight 3.3.2 for NSX provides intelligent log analytics for NSX. This version accepts NSX Standard/Advanced/Enterprise edition license keys issued for NSX 6.2.2+

Upgrade Notes – RTFM:

In the release notes there is a detailed section on the upgrade and interoperability of this version of NSX with other key VMware components. It’s important that it’s read so as to not have a poor experience during the upgrade.

http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html#upgradenotes

Resolved Issues:

There are a large number of Resolved Issues which can be found on the release notes…below are the ones relating to Service Providers running Edge Services Gateways.

  • Extended HA failover times for Edge Services Gateway (ESG) or DLR with Edge VM when using only static routes
  • NAT does not translate IP addresses when NSX Edge firewall is disabled
  • vCenter 6.0 restart/reboot may result in duplicate VTEPs on VXLAN prepared ESX hosts
  • After upgrading the NSX Edge from 6.1.x to 6.2.x, the NSX Manager vsm.log shows “INVALID DHCP CONFIG”
  • Unexpected TCP interruption on TCP sessions during Edge High Availability (HA) failover in NSX 6.2.x

http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html#resolvedissues

NSX Design Guide v3:

https://communities.vmware.com/servlet/JiveServlet/previewBody/27683-102-8-41631/NSX%20Reference%20Design%20Version%203.0.pdf

Overall a huge release for NSX-v. If you have the right entitlements you can login to MyVMware and download the binaries.

References:

http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html

Melbourne VMUG UserCon – Best Virtualisation Event Outside of VMworld!

“Best Virtualisation Event Outside of VMworld!” …now there is a big statement if ever there was one! Without insulting every other VMUG UserCon around the world, what I didn’t add to the blog title was “…in the southern hemisphere”. This will be my third Melbourne VMUG UserCon and without disrespecting Sydney’s VMUG UserCon happening a couple of days earlier the Melbourne event is up there when it comes to quality content, quality presenters and community feel.

The last couple of years I have attended the event in Melbourne I have taken away a lot of great technical and non-technical knowledge back home with me and with keynote speakers the likes of no less than Scott Lowe and Keith Townsend together with industry superstar Chris Wahl and other great local presenters I expect the same for the 2016 edition.

The Agenda is jam packed with virtualisation goodness and it’s actually hard to attend everything of interest with schedule conflicts happening throughout the day…my recommended sessions are listed below:

If you do feel like skipping Chris Wahl’s session at 10:30am I’ll be presenting with Frank Fan from PernixData on Using Infrastructure Analytics to Modernize Storage Management where we will be talking about FVP and Architect and how it’s helped detect bottlenecks in the ZettaGrid Labs as well as help the normalization of production workload performance. 

So though I live in Perth and help run the Perth VMUG I believe Melbourne is the true spiritual home of virtualisation in Australia and this UserCon is not to be missed…so if you are in Melbourne next week try and get down to The Crown Casino to participate, learn and contribute and hopefully we can catch up for a drink.

NSX vCloud Retrofit: NSX Manager Configuration and vCD VSE Deployment Validation

This blog series extends my NSX Bytes Blog Posts to include a more detailed look at how to deploy NSX 6.1.x into an existing vCloud Director Environment. Initially we will be working with vCD 5.5.x which is the non SP Fork of vCD, but as soon as an upgrade path for 5.5.2 -> 5.6.x is released I’ll be including the NSX related improvements in that release.

Part 2 – NSX Manager Configuration and vCD VSE Deployment Validation

Once you have updated the VSM to the NSX Manager there are a number of configuration items to work through…some of which would have been carried over from the vCNS upgrade. For user and group management you can reference this post where I go through the configuration of the Management Services to allow users and groups to administer NSX through the vCenter Web Client.

Once you have a Green Connected Button for the Lookup Service and vCenter Service as seen above you can configure the rest of the settings. Clicking on the home Icon will give you the menu below:

Go to Manage Appliance Settings -> General and configure the Time Settings, Syslog Server and keep the Locale that is relevant to your installation. Ensure the NTP Server is set and is consistent with other NTP servers referenced in vCloud, vCenter and ESXi (Time Sync is critical between NSX Manager, Hosts and other Management Systems).

Configure a SYSLOG or point the NSX Manager at Log Insight which has a newly released Content Pack for NSX.

Go to Network Settings and enter the new Host Name details without the Domain Name specified (those are part of the search domains) and double check the IP and DNS Settings.

Note 1: Create a DNS entry (if not already created) for the Host Name ensuring there is a reverse lookup in place for internal name resolution of the Manager.

Go to Backup and Restore and (re)configure the Backup Settings to include an FTP location and an additional Pass Phrase for NSX Manager Restores.

Once done, perform a test backup

vShield Edge Deployment and Validation:

With that done we can now move on to testing vCloud Director initiated deployments of the VSE 5.5.3 Edges that are deployed as legacy Appliances out of the NSX Manager. If you take a look under the covers of the NSX Manager you will see that its DNA is vShield and more to the point…the NSX portion has itself been retrofitted on top of the vCNS VSM which has allowed for quick integration with vCenter and legacy interoperability with current versions of vCD.

vCloud Director will call vShield APIs (not NSX) to deploy edges for use with Virtual Datacenter Networking and all current functionality in the edges up to 5.5.3 is maintained. vCD will not be able to understand an NSX 6.1 ESG and if you upgrade (the option is there as shown below) you will have a fully functional Edge with all settings and config carried over…but not manageable by the vCloud GUI.

To ensure that all previous vCloud Director Deployment mechanisms and Edge Management is still functional deploy an Edge Gateway from the vCloud Director GUI checking to make sure that the OVF is deployed correctly…the service account will now be service.nsx (or the account you chose)

Validate the vShield Version at 5.5.3, test Internal/External Access and IP Connectivity, test Service Configurations by adding rules and disabling/enabling the Firewall, then create and attach a vORG Network and check the Port Group Status.

If you are interested in what the 5.5.3 VSE Management looks like under the Network & Security Section of the Web Client, click on Edges and the Name of the Edge…what you see here is similar to what you would see for the 6.1 ESGs but with less functionality and features. What’s managed in the vCD GUI is what you see here.

With that validated you have ensured that vCloud Director will continue to do its thing and work as expected with NSX Manager in play…at this point we are not using any VXLAN Virtualwires or NSX Transport Zones Network Pools…that’s still to come!

VeeamON 2017: Top Session Picks

VeeamON is less than three weeks away and I can tell you that this year’s event is going to be huge! This is going to be my second VeeamON, but for the first time I’ve been involved in the preparation of a major vendor conference. Having been behind the scenes, and knowing what our customers and partners are in for in terms of announcements and event activities…I can’t wait for things to kick off on the 16th of May.

This year we have over 85+ breakout sessions and a number of high profile speakers coming to New Orleans to help deliver those sessions. We also have significant keynote speakers for the main stage sessions on each of the three days, highlighted by Sanjay Poonen from VMware and Mark Russinovich from Microsoft. You will also hear from our executive team on the vision Veeam has for continuing to provide availability through our industry leading innovations.

Top Session Pick:

There are seven tracks available

  • Technical (200-level / High level)
  • Technical (300-level / Architecture)
  • Technical (400-level / Internals)
  • Business
  • Alliance Partner
  • Veeam ProPartner
  • Cloud (Programs and Technologies)

I’ve gone through all the breakouts and picked out my top sessions that you should consider attending…not surprisingly there is a cloud slant to most of them, but there are also some core technology sessions that are not to be missed. The Technical Product Marketing team are well represented in the session list so it’s also worth looking to attend talks from Rick Vanover, Clint Wyckoff, Michael White, Michael Cade, Dmitry Kniazev, Andrew Zhelezko and Kirsten Stoner.


What’s New in v10: A Deeper Dive

Thursday, May 18 | 11:15-12:15
The v10 embargo has been lifted! Join Anton Gostev for a deeper dive into the new Veeam Availability Suite™ v10 functionality announced at the keynote to learn additional details — and to ask your questions!
Anton Gostev
VP of Product Management
Veeam Software

Veeam and VMware vCloud Air Network: Building a successful cloud service

Tuesday, May 16 | 11:15-12:15
Globally, service providers are enthusiastically embracing hybrid cloud as both a way of reducing costs and improving the quality of service they provide to end customers. To achieve this, service providers are looking to VMware vCloud Air Network and Veeam to help them build a scalable cost effective cloud solution. In this session, we will get into the details of the technology. We’ll focus on how these solutions are architected and what that implies in real-life implementations. A participant in this session will leave with a technical understanding of how to leverage technology from Veeam and VMware to provide a successful cloud based storage service.
Anthony Spiteri
Technical Evangelist
Veeam Software
David Hill
Solutions Architect
VMware

Building a Comprehensive Availability Plan Leveraging Next Generation Veeam Cloud Services

Thursday, May 18 | 14:50-15:50
The notion of Always-On Availability is becoming a cornerstone of modern businesses, and rightfully so. Without the ability to support their mission-critical processes in the face of data loss or disasters, companies stand a significant risk of losing customers, money and reputation. This is why developing a comprehensive Availability plan is crucial for maintaining business operability and protecting critical data, applications and systems at any point. From planning and analysis to implementation and monitoring — each step of this plan needs to be in line with the company’s business needs, security policies and IT management procedures. Designed to address these needs, Veeam’s® next generation cloud-based backup and disaster recovery (DR) solutions offer a number of options to develop a solid Availability plan. Using Veeam’s integrated, next generation cloud Availability solutions in tandem with cloud-based backup and DR services, companies can stay ahead of major disruptions while keeping their IT spending within budget.
William Bell
Vice President, Product Development, Cloud and Enterprise Services
PhoenixNAP

Unleashing the Power of the Veeam API

Wednesday, May 17 | 16:10-17:10
Many Veeam® customers are experiencing the benefits of flexible, reliable and cost-effective backups and are now ready to get even more out of their Veeam solution. This is where the Veeam API, combined with cloud infrastructure, comes in. Veeam Backup Enterprise Manager exposes its objects via the web service API based on the REST (Representational State Transfer) framework, enabling developers to query information about Veeam objects and perform basic operations. By extending the Veeam solution to other IT operational areas using the API, customers can experience many efficiency and performance benefits. This session will deliver the education and insights you need to take your usage of Veeam to the next level by leveraging APIs. I’ll provide an overview of the Veeam Backup Enterprise Manager API and take a deep dive into different ways you can use the API to do more than just manage backup jobs. This session will deliver practical advice based on the experiences we have gained at iland through leveraging the API to automate and manage multiple aspects of our cloud and internal business operations.

Veeam Availability Console and the Agents: Introduction and Technical Demo

Tuesday, May 16 | 14:50-15:50
This session focuses on the new and expanded business opportunities with these Veeam solutions. Get into the weeds with the technical aspects of the products with live demos and information on how the features will impact you and your customer’s business.
Clint Wyckoff
Global Technical Evangelist
Veeam Software
Sam Nicholls
Global Product Marketing Manager
Veeam Software

How to Back Up and Restore VMware vCenter Server Appliance (vCSA) and Platform Controllers Properly

Thursday, May 18 | 13:30-14:30
There is some complexity to properly backing up vCenter and properly restoring it, especially when there are external components like databases and platform controllers. However, using Veeam and with some important knowledge, it is possible. vCenter is critically important in virtual infrastructures due to things like view and vRealize Automation, so it is very important that it is always available. If you lose some or all of the vCenter infrastructure, it is very important that you know how to recover it.
Michael White
Technical Evangelist
Veeam Software
Emad Younis
Technical Marketing Engineer
VMware

Throw your backups into ANY window

Wednesday, May 17 | 13:30-14:30
Choosing a storage solution for your backups can be a daunting task: Windows or Linux servers, SMB shares, SAN, NAS, deduplication appliances … But block cloning, a new feature in Windows 2016 and leveraged by Veeam Backup & Replication™, is promising to change this. Available for ReFS 3.1 file systems, this technology allows for insanely reduced transform times and spaceless GFS backups. Or at least, this is what marketing has told us so far, but how good is it in reality? Is an expensive and complex Storage Spaces Direct the only way to consume all the amazing new features? How can I design my new backup repository with these new options in mind? What about encryption and Veeam Scale-out Backup Repository™? Didier Van Hoye, Carsten Rachfahl (both Microsoft MVPs and Veeam Vanguards) and Luca Dell’Oca (Veeam cloud architect) have joined forces to bring you from-the-field information, tips, tricks and ideas to build your next Veeam backup repository with real-life tests and feedback gained from deploying this new powerful combination into multiple environments.
Luca Dell’Oca
Cloud Architect
Veeam Software
Didier Van Hoye
Microsoft MVP & Blogger
Blogger
Carsten Rachfahl
Blogger & Microsoft MVP
Blogger

What’s New with Veeam Agent for Windows 2.0

Thursday, May 18 | 16:10-17:10
Are you running applications in the cloud? Do you still have some remaining physical servers? Do you struggle to ensure Availability of your mobile workforce? Join Veeam technical evangelist Clint Wyckoff and Dmitry Popov from product management as they dive deep into the installation, management and recovery options that the Veeam Agent for Microsoft Windows provides. After this session, you will have the knowledge and skills required to manually install, automate the installation and configuration deployment. You will also have the knowledge to manage and perform advanced recovery utilizing Veeam.
Clint Wyckoff
Global Technical Evangelist
Veeam Software
Dmitry Popov
Senior Analyst
Veeam Software

Availability in a profile driven World

Wednesday, May 17 | 14:50-15:50
Have you had a chance to evaluate the new VMware storage technology landscape? VMware Virtual Volumes (VVols) and Virtual SAN (vSAN) are incredible innovations. These next generation storage technologies from VMware allow for Storage Policy-Based Management (SPBM) which is the way to manage virtual machine (VM) storage requirements in VMware vSphere going forward. The major challenge with traditional storage architectures is a misalignment between what the storage consumer wants and the capabilities that are provided. This results in inefficiencies through the over provisioning of storage resources. There is a strong need to provide alignment between application needs and storage resources. These storage policies are an evolution of virtual machine storage profiles, and used to ensure VMs are placed on storage that guarantees a specific level of capacity, performance, Availability redundancy and so on. When it comes to Availability, Veeam has you covered! Let’s look at a few areas where VVols and vSAN Availability can be easier than you think with Veeam.
Michael Cade
Technical Evangelist
Veeam Software
Pete Flecha
Sr Technical Marketing Architect
VMware

VMware Backup Best Practices: 2017 Edition

Wednesday, May 17 | 16:10-17:10
Are you looking for the best way to back up your vSphere environment? Attend the 2017 edition of the most viewed VeeamON session to learn the latest and greatest strategies for VMware backup with Veeam, now enhanced with big data analysis! Get recommendations on the best way to deploy and size your backup server and other components — and hear what are the most typical configurations based on our support log mining! Learn the pros and cons of different VDDK-based transport modes, and how Veeam Availability Suite™ 9.5 completely changes previous recommendations on transport mode usage. And if your company wants to stay on the cutting edge, bring them back some backup and recovery considerations around new VMware storage technologies (vSAN, VVols and encrypted virtual machines) — those you won’t see mentioned in marketing papers.
Anton Gostev
VP of Product Management
Veeam Software

Backup Repository Best Practices: 2017 Edition

Thursday, May 18 | 14:50-15:50
Backup storage is the central part of any backup strategy that can lead your efforts to either complete success or complete failure. And yet, backup storage impact is always heavily underestimated by users. In this session, you’ll learn about the most typical mistakes observed in the past nine years by over 230,000 users deploying and using Veeam Backup & Replication™, so you can avoid the same mistakes. You’ll learn how Veeam Backup & Replication 9.5 has completely changed the game for many Veeam users with its advanced ReFS integration — and get a sneak peek of how v10 is going to dramatically expand your backup storage options. Finally, Anton will share lots of interesting (and sometimes scary) statistics we’ve picked up from support log mining that may change your attitude on backup storage forever!
Anton Gostev
VP of Product Management
Veeam Software

Conclusion:

There are obviously a lot more to choose from and the full list can be found here. You can also download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event.

There is still time to register and attend, so if you can make it to New Orleans in three weeks, click here and get on board as it promises to be a brilliant week with a lot of great announcements, great networking opportunities and also the ability to learn about Veeam’s and our partners’ products.

https://www.veeam.com/veeamon/register

Looking forward to seeing you all there!

NSX Bytes: NSX for vSphere 6.3 and NSX-T 1.1 Release Information

VMware’s NSX has been in the wild for almost three years and while the initial adoption was slow, of recent times there has been a calculated push to make NSX more mainstream. The change in licensing that happened last year was made to help drive adoption by traditional VMware customers running vSphere that previously couldn’t look at NSX due to price. In addition, the Transformers project has looked to build on Nicira’s roots in the heterogeneous hypervisor market and offer network virtualization beyond vSphere, beyond Open source platforms and into the public cloud space. The vision for VMware with NSX is to manage security and connectivity for heterogeneous end points through:

  • Security
  • Automation
  • Application Continuity

NSX has seen significant growth for VMware over the past twelve to eighteen months driven mostly from customer demand focusing around micro-segmentation, IT automation and efficiency and also the need to have extended multiple data centre locations that can be pooled together. To highlight the potential that remains with NSX-v, less than 5% of the total available vSphere install base has NSX-v installed…and while that could have something to do with the initial restrictions and cost of the software it still represents enormous opportunity for VMware and their partners.

Last week the NSX vExpert group was given a first look at what’s coming in the new releases…below is a summation of what to expect from both NSX-v 6.3 and NSX-T 1.1. Note that we were not given an indication on vSphere 6.5 support so, like the rest of you, we are all waiting for the official release notes.

[Update] vSphere 6.5 will be supported with NSX-v 6.3

Please note that VMware vSphere 6.5a is the minimum supported version with NSX for vSphere 6.3.0. For the most up-to-date information, see the VMware Product Interoperability Matrix. Also, see 2148841.

NSX for vSphere 6.3 Enhancements:

Security:

  • NSX Pre-Assessment Tool based on vRealize Network Insight
  • Micro-Segmentation Planning and application visibility
  • New Security Certifications around ICSA, FIPS, Common Criteria and STIG
  • Linux Guest VM Introspection
  • Increase performance in service chaining
  • Larger scalability of VDI up to 50K desktops
  • NSX IDFW for VDI
  • Active Directory Integration for VDI at scale

Automation:

  • Routing Enhancements
  • Centralized Dashboard for service and ops
  • Reduced Upgrade windows with rebootless upgrades
  • Integration with vRA 7.2 enhancing LB,NAT
  • vCloud Director 8.20 support with advanced routing, DFW, VPN
  • VIO Updates to include multi-vc deployments
  • vSphere Integrated Container Support
  • New Automation Frameworks for PowerNSX, PyNSXv, vRO

Application Continuity:

  • Multi-DC deployments with Cross VC NSX enhancements for security tags
  • Operations enhancements with improved availability
  • L2VPN performance enhancements for cross DC/Cloud Connectivity

Where does NSX-T Fit:

Given there was some confusion about NSX-v vs. NSX-t in terms of everything going to a common code base starting from the Transformers release, it was highlighted that VMware’s primary focus for 2017 hasn’t shifted away from NSX for vSphere. It will still be heavily invested in to add new capabilities in and beyond 6.3, and there will be a robust roadmap of new capabilities in future releases with support extended well into the future.

NSX-t’s main drivers relate to new data centre and cloud architectures with more heterogeneity, driving a different set of requirements to that of vSphere that focuses around multi-domain environments leading to a multi-hypervisor NSX platform. NSX-t is highly extensible and will address more endpoint heterogeneity in future releases including containers, public clouds and other hypervisors. As you can see, the existing use cases for NSX-t are mainly focused around devops, micro-segmentation and multi-tenant infrastructure.

NSX-T 1.1 Brief Overview:

Again the focus is around private IaaS and multi-hypervisor support for development teams using dev clouds and employing more devops methodologies. There isn’t too much to write home about in the 1.1.0 release but there is some extended hypervisor support for KVM and ESXi, more single or multi-tenant support and some performance and resiliency optimizations.

Conclusion:

There is a lot to like about where VMware is taking NSX and both product streams offer strong network virtualization capabilities for customers to take advantage of. There is no doubt in my mind that the release of NSX-v 6.3 will continue to build on the great foundation laid by the previous NSX versions. When the release notes are made available I will take a deeper look into all the new features and enhancements and tie them into what’s most useful for service providers.
