
Sneak Peek – Veeam 9.5 vCloud Director Self Service Portal

Last month Veeam announced that they had significantly enhanced the capabilities around the backup and recovery of vCloud Director. This will give vCloud Air Network Service Providers the ability to tap into a new set of RESTful APIs that add tenanted, self-service capabilities and to offer a more complete service that is totally controlled and managed by the vCloud tenant.

As part of the Veeam Vanguard program, I have been given access to an early beta of Veeam v9.5 and have had a chance to take the new functionality for a spin. Given the fact this is a very early beta of v9.5 I was surprised to see that the installation and configuration of the vCloud Director Self Service functionality was straightforward and like most things with Veeam…It just worked.

NOTE: The following is based on an early access BETA and as such features, functions and menu items are subject to change.

Basic Overview:

The new vCloud Director integration lets you back up and restore single VMs, vApps, Organization vDC and whole Organization. This is all done via a web UI based on Veeam Backup Enterprise Manager. Only vCD SP versions are compatible with the feature. Tenants have access to a Self-Service web portal where they can manage their vCloud Director jobs, as well as restore VMs, files and application items within their vCloud Director organization.

The Service Provider exposes the following URL to vCD tenants:


As shown in the diagram below, Enterprise Manager then talks to the vCloud Director Cells to authenticate the tenant and retrieve information relating to the tenant vCloud Organization.

Configuring a Tenant Job:

Anyone who is familiar with Veeam will recognize the steps below and the familiar look of the menu options that the Self Service Portal provides. As shown below the landing page once the tenant has authenticated is similar to what you see when logging into Enterprise Manager…in fact the beauty of this portal is that Veeam didn’t have to reinvent the wheel…they just retrofitted vCD multi-tenancy into the views.

To configure a job click on the Jobs Tab and hit the Create Button.

Give the Job a Name and set the number of restore points to keep.

Next select the VMs you want to add to the Job. As mentioned above you can add the whole Org, vDC, vApp and as granular as per VM.

Next select any Guest Processing you want done for Application Aware backups.

And then set the Job Schedule to your liking.

Finally configure email notification.

Once that has been done you have the option to Run the Job manually or wait for the schedule to kick in. As you can see below you have a lot of control over the backup job and you can even start Active Full Jobs.

Once a job has been triggered you have access to view logs on what is happening during the backup process. The detail is just as you would expect from the Veeam Backup & Recovery Console and keeps tenants informed as to the status of their jobs.

More to Come:

There is a lot more that I could post but for the moment I will leave you all with that first sneak peek. Once again Veeam have come to the party in a big way with this feature and every service provider who runs vCloud Director should be looking at Veeam 9.5 so as to enhance the value of their IaaS offering.


vCD SP 8.10 New Features Part 1 – Full NSX Support

As mentioned last week VMware released vCloud Director SP 8.10 and with it a list of significant new features and improvements. In this series I’ll go through most of the new additions a little deeper and comment around their significance. As I talked about last week in my introductory post one of the major updates was full support for NSX 6.1.x and 6.2.x. This coincides with the end of support for vCloud Networking and Security which will go EOL later this year.

This move will force vCAN Service Providers to upgrade to NSX from vShield sooner rather than later and in my opinion that is a good thing even though there are additional architecture complexities to design around as well as the increased cost pressures.

NSX Edge Improvements:

Technically what’s different in the vCD 8.10 SP release is that all vDC Edge Gateways are deployed as full NSX Edges whereas before if vCD initiated an Edge deployment the VSE would be deployed at the latest 5.5.x version. Shown below is a comparison of the versions from previous vCD SP builds and the new 8.10 build.

What’s different here is that there is full support for NSX ESGs configured through the vCD UI; however, through the vCD UI you still only have access to configure the base services as shown below. If you go to the Web Client you will see that all the enhanced NSX Edge services are enabled.

One of the other benefits is that there were a lot of issues around the VIX API and VSE monitoring between the NSX Manager and the vCD Cells and Edges losing sync and becoming unmanageable. NSX ESGs are monitored and maintained through a Message Bus in a host module which is a lot more stable and should remove those loss of manageability issues. While legacy VSEs are still supported it’s now suggested that all existing VSEs are upgraded to the available ESG version from the NSX Edges Menu under the Networking & Security section of the Web Client.

NSX Advanced Networking Support:

While I am unable to talk about this product in any great detail, most vCAN Service Providers know that there is an ANS product being released that will allow deeper integration between vCD and NSX that will allow vCD Tenants to fully utilize all the features of the NSX Edge Gateways…this has been prepped since the 5.6.x releases and if you right click on an edge gateway you will see a hint of what’s to come.

Official Supportability Matrix:

Below is the official supportability matrix for all vCD SP releases and NSX-v…as shown below, 8.10 is good with NSX 6.2.3, 6.1.5 and 6.1.6 but not 6.1.7.


NSX Bytes: Friends Don’t Let Friends Delete The VTEP PortGroup

Last week I posted a tweet saying “Friends don’t let friends delete the NSX-v VTEP PortGroup” and as most of us do in our industry we learn by doing and I found out the hard way that you shouldn’t mess with the PortGroup created during the Host Preparation of the NSX setup and configuration stage. This PortGroup is used by the Hosts in an NSX Enabled Cluster for the VMKernel Interfaces that are the VTEPs or VXLAN Tunnel End Points.

In a production environment this action is actually near on impossible to do because you can’t delete a PortGroup when it’s in use. Where I found myself in this situation was in trying to clone off a lab environment and restore components of the existing lab into a new lab with new hosts. With that the following is something that could be handy in lab environments.

Once the new hosts have been prepared I went to configure the VXLAN against the cluster which creates a new VMKernel Interface on each host and assigns it a VTEP address from DHCP or from a pre-configured IP Pool but got an error. When I looked at the event logs in vCenter I saw the following error.

DVPortGroup dvportgroup-148806 couldnot be found
 The object or item referred to could not be found

Instantly I remembered that I had “cleaned up” the cloned vCenter configuration and removed any surplus PortGroups…in doing so I deleted the PortGroup NSX was referencing. I tried to recreate the PortGroup with the same name but it was clear that the configuration was referencing the MOID of the PortGroup and asking vCenter to use that to complete the job. Even an export/import of the Distributed Switch configuration from the original vCenter didn’t do the trick as the import increments the MOID already contained in the vCenter Database.

GSS Support Fix:

Thinking back to previous NSX related cases I’ve raised with VMware support I knew that the NSX Manager Database kept a very simple structure of vCenter objects and I guessed that some backend SQL search and replace could do the trick. After raising a case I had the guys in GSS enter into the NSX Manager backend, which can only be accessed with a secret VMware password, and search for the table that referenced the MOID of the PortGroup. As can be seen below the fix is simple if you know the MOID of the old and the new PortGroup.

Note: Only VMware Support can action this fix.

With that modification committed I was able to configure the VTEPs for the new hosts and continue to rebuild up the cloned instance. So if you ever get yourself in a situation where you have managed to do as I have done…there is a fix that can be done to avoid a complete start from scratch scenario.

VMworld 2016 : Session Voting #8808

Well this has crept up on us quickly this year! It’s time to vote for the VMworld Sessions that will be part of the US and Europe VMworlds held later in the year. The Session Voting is more Session liking as you have the ability to mark multiple sessions as ones that you would like to see. There are 1574 sessions that were submitted and are listed in the Online Catalog.

As with the last couple of years I have submitted a session. This year I have decided to focus on a Real World Look at how we here at Zettagrid implemented NSX into our Service Offering. Have a read of the description below and if you want to hear more about NSX (with a little vCloud Director thrown in) in the real world and the lessons I’ve learnt over the past couple of years please consider Session #8808 for a vote.

NSX in Service Provider Land – Lessons Learnt from the Real World [8808]

VMware NSX has been out for two years and in that time has already gone through some significant updates and feature addons. The power of the NSX platform and what that offers Service Providers meant that getting NSX into Zettagrid became priority number 1 leading up to the end of 2015. Come and hear how Zettagrid successfully retrofitted NSX into an existing vCloud Platform that spans three Hosting Zones across Australia. In this session I will take you through how we brought NSX from Lab to limited BETA release to full production productization and deployment. You will hear about how working on the bleeding edge of network virtualization had its challenges and how NSX as an overlay network fit into our existing physical layer as well as the operational and architecture challenges we ran into before being able to offer our NSX Advanced Networking Product as part of our vCloud Director Virtual DC portfolio extending our Hybridity capabilities.

Track:  Software-Defined Data Center
Product and Topic:  Customer Story
Session Type:  Breakout Session
Audience:  IT – All, IT – Network, IT – Operations, IT – Telecom, Research and Development, Technical Support
Sub track:  Networking and Security

There is a lot of competition around the NSX space with 302 sessions listed that contain NSX in the title or the description but I’m hoping my experiences are interesting enough to get some votes and then make it through the internal voting process. On a separate note it was also pleasing to see an increase in the number of vCloud Director sessions this year.

As per the VMworld Session Voting FAQ Session Voting is open May 12 – May 26 at 11:59 pm PDT.


Important – vCNS and NSX End of Availability and Support Notifications

For a while now we have known that vCloud Networking and Security’s days were numbered…with the release of NSX as a replacement+ product it had been communicated to current vCNS customers that an upgrade to NSX-v would be on the cards to ensure continued support and functionality. The date has now been set for the EOA of vCNS and, in somewhat of a surprise to me, VMware also announced last week that NSX-v 6.1.x will reach end of availability later in the year.

VMware has announced the End of Availability (“EOA”) of the VMware vCloud Networking and Security 5.5.x which will commence on September 19, 2016.

VMware has announced the End of Availability (“EOA”) of the VMware NSX for vSphere 6.1.x which will commence on October 15, 2016.

In both cases the VMware KBs state that the products will continue to function. However, support will no longer be available, nor update releases or patches…so end of the day use at your own risk and don’t expect any help if the proverbial hits the fan.

The EOA and Support of NSX-v, while a surprise can be dealt with fairly easily by existing NSX-v customers. To get the most out of NSX-v in terms of the enhanced capabilities and features you should be running a version of 6.2.x and there is a new major release just around the corner (to be announced later in the year possibly). The only current caveat is upgrades from 6.1.5 to 6.2.0 are not supported…you must upgrade from 6.1.5 to NSX 6.2.1 or later to avoid a regression in functionality.

With regard to existing vCNS customers who are not Service Providers or have not gotten their hands on…let alone wrapped their heads around NSX-v this isn’t fantastic news. This Reddit post sums up some of the feeling out there in regards to the upgrade path for vCNS to NSX-v. To sum up the general feeling that I have come across…NSX-v is a lot more expensive than what vCNS was (in most cases it was part of the general vSphere/vCloud editions and bundles) and existing users of vCNS are finding it hard to justify that cost when considering the fact that some of the best NSX-v features are surplus to their requirements.

End of the day here there aren’t too many options for vCNS customers, but there is talk about VMware releasing an NSX-Lite version to satisfy the gap that exists between current customer requirements of vCNS features vs the all in nature of the NSX-v feature set…the clock is now ticking!

vCloud Director and vCNS:

Tom Fojta blogged earlier in the week that VMware have released an additional whitepaper for vCAT SP that goes through a vCNS upgrade to NSX in vCloud Director Environments. I’ve also covered that in my vCloud Director NSX Retrofit series here.



New Book: Learning VMware NSX

Last year I was asked by @rjapproves if I would be interested in reviewing a book he was writing on VMware’s NSX-v platform. Ranjit approached me and was interested in having me as a technical reviewer based on the blog content I had done around NSX as part of the NSX Bytes series as well as the NSX vCloud Director Retrofit series. Having not done a critical review of technical material before I jumped at the opportunity…it also gave me an opportunity to validate the work I’ve done with NSX over the past 18 months and to have my contribution acknowledged along with co-reviewer @jfrappier.

The book acts as an introduction into the installation and configuration of NSX-v and works through the basics of getting NSX-v up and running in your vSphere platform. Ranjit goes through the concepts around all the core components that work together to make NSX-v tick.

The book is available on Amazon and is published through Packt Publishing. The Kindle version is available now with the paperback shipping in early March.

Well done to Ranjit on pushing through and getting this book project done! 

Top Posts 2015

2015 is pretty much done and dusted and it’s been a great year for Virtualization is Life! There was a 300% increase in site visits this year compared to 2014 and 1600% increase in visits since the first year I began blogging in 2012. In 2015 I managed to pump out 110 Posts (including this one) which meant I achieved a new years goal of at least two posts per week.

Looking back through the WordPress JetPack stats I’ve listed the top 10 Blog Posts from the last 12 months. Obviously vCloud Director and NSX dominate the top ten but it was interesting to see that two of the most generic and certainly basic posts took out the top two spots. It shows that bloggers should not be afraid of blogging around “perceived” simple topics as there is an audience that will appreciate the content and get value out of the post.

1. vSphere 6.0 vCenter Server Appliance: Upgrading from 5.x
2. Quick Post: E1000 vs VMXNET3
3. NSX Edge vs vShield Edge: Part 1 – Feature and Performance Matrix
4. VMware vCloud Director 8.0 Beta: #LongLivevCD
5. vCloud Director 8.0 Beta Kick Off – Initial Thoughts and Reaction
6. Released: vCloud Director 5.6.4 SP – Upgrade from 5.5.2.x and NSX 6.1.2 Support
7. vCloud Director SP: The Need for UI Improvement!
8. vSphere 5.5 Update 3 Released: Features and Top Fixes
9. The Reality of Cloud – Outages are Like *holes…
10. NSX vCloud Retrofit: Intro and VSM to NSX Manager Upgrade

The Top 10 reflects my passion for vCloud Director and NSX and those two technologies also dominated my professional life in 2015. On a personal level I have enjoyed writing a few more opinion pieces this year…my favourites being The Reality of Cloud Outages (#9) and a post around the failing of local Cloud provider Ninefold and how going up directly against AWS is not a smart thing in the IaaS world. That post also got picked up by @CRN_AU and syndicated here.

It was also pleasing to see so much support for my posts on vCloud Director and the need for action on the UI…I think we may have had a win there 🙂

Thanks to all my site sponsors, Veeam, PernixData, VMTurbo and Zerto…looking forward to an even bigger 2016!


NSX Bytes: NSX 6.2 GA and NSX Manager Upgrade

NSX for vSphere version 6.2 was made Generally Available earlier today and there have been some significant updates and improvements to the Network Virtualization Platform from the 6.1.x releases. Most of the improvements revolve around the cross vCenter functionality and enhancements to the Distributed features and dynamic routing. There are also a number of operational and troubleshooting enhancements.

For a detailed look at the new features and improvements have a look at the release notes here, or check out Anthony Burke’s post here. For me the cross vCenter functionality opens up a lot of possibilities to connect multiple vCloud Director Availability Zones and offer true geographically dispersed service offerings at the lower networking layers while for the pure networking guys there seems to be a number of enhancements to the BGP functionality which is one of the best features of the NSX Edges.

Upgrading NSX Manager from 6.1.4 to 6.2:

There is nothing too different in the steps to upgrade NSX from the previous versions however there are a few steps to be aware of that have been introduced with NSX-v 6.2. From an overall component point of view components must be upgraded in the following order:

  1. NSX Manager
  2. NSX controller
  3. Clusters and Logical Switches
  4. NSX Edge and Guest Introspection

NSX Manager Upgrade:

  • Take a backup of the NSX Manager VM
  • Snapshot the NSX Manager VM
  • Take a backup of the config from the NSX Manager Web GUI
  • Shutdown the NSX Manager

Here is where things change with 6.2. The following is contained in the release notes:

The memory and CPU requirements for installing or upgrading NSX Manager have increased. NSX Manager 6.2.x requires at least 16 GB of memory. Before upgrading NSX Manager, raise the NSX Manager virtual appliance’s reserved memory to 16 GB, or, for large-scale installations, raise it to 24 GB. For large scale installations, VMware recommends allocating 8 CPUs for NSX Manager.

If any of the following thresholds are crossed, the deployment is considered to be large:

100 hypervisors, 100 NSX Edges or 1,000 global distributed firewall rules

The requirements for large installations are now a fairly hefty 8 vCPU and 24GB of vRAM for the NSX Manager, which doubles the resources from the previous NSX and VSM versions.

Once the NSX Manager VM has been modified and powered back on…upgrade the Manager with the new build package.


The upgrade process, as with previous versions, can take up to 20 minutes and once done you can log back into the NSX Manager GUI and view the build number to confirm the upgrade has been successful.

If you didn’t upgrade the vRAM of the VM prior to upgrade you will receive the following message upon logging in telling you to upgrade to at least 16GB of vRAM.

We are now running Version 6.2.0 Build 2986609. You will also notice the new Universal Sync Service in the NSX Manager Component management section…which is used for cross vCenter deployments.

The final step of the upgrade process is to restart the vCenter Web Client services to ensure any lingering previous version data doesn’t remain in the system. The Upgrade Guide specifies how to do this for the version 5 and 6 VCSA. Once that’s done you can login and under the Networking & Security section you should see the Upgrade Available option appear under the Controller Cluster Status.

From here you can go through the usual upgrade steps which are listed in my previous NSX Upgrade series. I would also recommend reading through the online documentation which goes through the process in greater detail.

With that done, I’ll be keen to test out all the new functionality which will hopefully generate some more NSX related content.
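
The sizing prerequisites and component order from the upgrade steps above, together with the 6.1.5 to 6.2.0 restriction noted in the EOA post, written as a pre-flight check. This is an added example, not code from the post or from VMware; the `Deployment` fields, the function names and the reading of a threshold as "crossed" only when it is exceeded are assumptions, and the inventory values are constructed.

```python
from typing import NamedTuple

# Figures quoted in the post from the NSX 6.2 release notes.
MIN_MEMORY_GB = 16
LARGE_MEMORY_GB = 24
LARGE_VCPUS = 8
LARGE_THRESHOLDS = {"hypervisors": 100, "edges": 100, "global_dfw_rules": 1000}

# Component upgrade order as listed in the post.
UPGRADE_ORDER = [
    "NSX Manager",
    "NSX controller",
    "Clusters and Logical Switches",
    "NSX Edge and Guest Introspection",
]


class Deployment(NamedTuple):
    """Hypothetical inventory record; the field names are this example's own."""
    hypervisors: int
    edges: int
    global_dfw_rules: int
    manager_memory_gb: int
    manager_vcpus: int


def is_large(dep):
    # Assumption: a threshold is "crossed" only when the count exceeds it.
    return any(getattr(dep, name) > limit for name, limit in LARGE_THRESHOLDS.items())


def parse_version(text):
    """Turn '6.1.5' into (6, 1, 5) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def sizing_findings(dep):
    findings = []
    large = is_large(dep)
    need_mem = LARGE_MEMORY_GB if large else MIN_MEMORY_GB
    if dep.manager_memory_gb < need_mem:
        findings.append(
            f"raise NSX Manager memory from {dep.manager_memory_gb} GB to {need_mem} GB")
    # The post gives a CPU figure only for large-scale installations.
    if large and dep.manager_vcpus < LARGE_VCPUS:
        findings.append(
            f"raise NSX Manager vCPUs from {dep.manager_vcpus} to {LARGE_VCPUS}")
    return findings


def path_findings(current, target):
    cur, tgt = parse_version(current), parse_version(target)
    findings = []
    if tgt <= cur:
        findings.append(f"target {target} is not newer than current {current}")
    # Restriction stated on the page: 6.1.5 must go to 6.2.1 or later.
    if cur == (6, 1, 5) and tgt == (6, 2, 0):
        findings.append("6.1.5 to 6.2.0 is not supported; upgrade to 6.2.1 or later")
    return findings


def order_findings(plan):
    findings = [f"unknown component: {c}" for c in plan if c not in UPGRADE_ORDER]
    ranks = [UPGRADE_ORDER.index(c) for c in plan if c in UPGRADE_ORDER]
    for earlier, later in zip(ranks, ranks[1:]):
        if later < earlier:
            findings.append(
                f"{UPGRADE_ORDER[later]} must be upgraded before {UPGRADE_ORDER[earlier]}")
    return findings


def preflight(dep, current, target, plan):
    """Return every blocking finding; an empty list means the plan passes."""
    return sizing_findings(dep) + path_findings(current, target) + order_findings(plan)


if __name__ == "__main__":
    # Constructed inventory: 150 Edges crosses the large-deployment threshold.
    lab = Deployment(hypervisors=24, edges=150, global_dfw_rules=300,
                     manager_memory_gb=12, manager_vcpus=4)
    plan = ["NSX controller", "NSX Manager", "Clusters and Logical Switches"]
    for finding in preflight(lab, "6.1.5", "6.2.0", plan):
        print("BLOCK:", finding)
```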



NSX Edge vs vShield Edge: Part 1 – Feature and Performance Matrix

I was having a discussion internally about why we were looking to productize the NSX Edges for our vCloud Director Virtual Datacenter offering over the existing vCNS vShield Edges. A quick search online didn’t come up with anything concrete so I’ve decided to list out the differences as concisely as possible.

This post will go through a basic side by side comparison of the features and performance numbers…I’ll then extend the series to go into specific differences between the key features. As a reminder vCloud Director is not NSX aware just yet, but through some retrofitting you can have NSX Edges providing network services for vCD Datacenters.

Firstly…what is an Edge device?

The Edge Gateway (NSX-v or vCNS) connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing (NSX Only), and Load Balancing. Common deployments of Edges include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the Edge creates virtual boundaries for each tenant.

Below is a list of services provided by each version. The + signifies an enhanced version of the service offered by the NSX Edge.

| Service | Description | vShield | NSX Edge |
|---|---|---|---|
| Firewall | Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols | | |
| NAT | Separate controls for Source and Destination IP addresses, as well as port translation | | |
| DHCP | Configuration of IP pools, gateways, DNS servers, and search domains | | ✔+ |
| Site to Site VPN | Uses standardized IPsec protocol settings to interoperate with all major VPN vendors | | |
| SSL VPN | SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway | | ✔+ |
| Load Balancing | Simple and dynamically configurable virtual IP addresses and server groups | | ✔+ |
| High Availability | High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable | | ✔+ |
| Syslog | Syslog export for all services to remote servers | | |
| L2 VPN | Provides the ability to stretch your L2 network. | | |
| Dynamic Routing | Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. Provides North-South connectivity, thereby enabling tenants to access public networks. | | |

Below is a table that shows the different sizes of each edge appliance and what (if any) impact that has to the performance of each service. As a disclaimer the below numbers have been cherry picked from different sources and are subject to change…I’ll keep them as up to date as possible.

| | vShield Edge (Compact) | vShield Edge (Large) | vShield Edge (X-Large) | NSX Edge (Compact) | NSX Edge (Large) | NSX Edge (Quad-Large) | NSX Edge (X-Large) |
|---|---|---|---|---|---|---|---|
| vCPU | 1 | 2 | 2 | 1 | 2 | 4 | 6 |
| Memory | 256MB | 1GB | 8GB | 512MB | 1GB | 1GB | 8GB |
| Disk | 320MB | 320MB | 4.4GB | 512MB | 512MB | 512MB | 4.5GB |
| Interfaces | 10 | 10 | 10 | 10 | 10 | 10 | 10 |
| Sub Interfaces (Trunk) | – | – | – | 200 | 200 | 200 | 200 |
| NAT Rules | 2000 | 2000 | 2000 | 2000 | 2000 | 2000 | 2000 |
| FW Rules | 2000 | 2000 | 2000 | 2000 | 2000 | 2000 | 2000 |
| DHCP Pools | 10 | 10 | 10 | 20,000 | 20,000 | 20,000 | 20,000 |
| Static Routes | 100 | 100 | 100 | 2048 | 2048 | 2048 | 2048 |
| LB Pools | 64 | 64 | 64 | 64 | 64 | 64 | 64 |
| LB Virtual Servers | 64 | 64 | 64 | 64 | 64 | 64 | 64 |
| LB Server / Pool | 32 | 32 | 32 | 32 | 32 | 32 | 32 |
| IPSec Tunnels | 64 | 64 | 64 | 512 | 1600 | 4096 | 6000 |
| Concurrent Sessions | 64,000 | 1,000,000 | 1,000,000 | 64,000 | 1,000,000 | 1,000,000 | 1,000,000 |
| BGP Routes | | | | 20,000 | 50,000 | 250,000 | 250,000 |
| BGP Neighbors | | | | 10 | 20 | 50 | 50 |
| BGP Routes Redistributed | | | | No Limit | No Limit | No Limit | No Limit |
| OSPF Routes | | | | 20,000 | 50,000 | 100,000 | 100,000 |
| OSPF Adjacencies | | | | 10 | 20 | 40 | 40 |
| OSPF Routes Redistributed | | | | 2000 | 5000 | 20,000 | 20,000 |
| Total Routes | | | | 20,000 | 50,000 | 250,000 | 250,000 |

The following rows list values for only some of the appliance sizes:

SSLVPN Tunnels 25 100 50 100 100 1000
Sessions/Second 8,000 50,000
LB Connections/s (L7 Proxy) 46,000 50,000
LB Concurrent Connections (L7 Proxy) 8,000 60,000
LB Connections/s (L4 Mode) 50,000 50,000
LB Concurrent Connections (L4 Mode) 600,000 1,000,000

Note: I still have a few numbers to complete specifically around NSX Edge Load Balancing and I’m also trying to chase up throughput numbers for Firewall and LB.

From the table above it’s clear to see that the NSX Edge provides advanced networking services and higher levels of performance. Dynamic Routing is a huge part of the reason why, and an NSX Edge fronting a vCloud vDC opens up so many possibilities for true Hybrid Cloud.

vCNS’s future is a little cloudy, with vCNS 5.1 going EOL last September and 5.5 only available through the vCloud Suite with support ending on 19/09/2016. When you deploy edges with vCloud Director (or in vCloud Air On Demand) you deploy the 5.5.x version so short term understanding the differences is still important…however the future lies with the NSX Edge so don’t expect the VSE numbers to change or features to be added.


Platform9 Introduction

I came across Platform9 while wandering the back halls of the VMworld Solutions Exchange last year in San Francisco…as a fan of the movie District 9 I was drawn to the name without really knowing anything about the tech being shown. After a brief chat with the booth staff going over the product I thought to myself that there was potential in a SaaS based Cloud Management/Provisioning Platform…another side of me thought it also threatens part of the work I do in designing and managing Service Provider based Cloud Platforms like vCloud Director.

A few months later Platform9 has launched with fresh rounds of VC funding and is ready to go prime time. I spent some time today with Sirish Raghuram who is the CEO and Co-founder…he also has a very interesting pedigree having previously been with VMware since 2002 working on products like Workstation, SRM and vCloud Director…in fact he was part of the team responsible for bringing maturity to later versions of vCD.

Sirish took me through the basics of what Platform9 offers and how it easily plugs into on-premises Hypervisor resources focusing on KVM with BETA support for ESXi…effectively what you get with Platform9 is your own version of the OpenStack Platform and your own Management Portal to control compute, storage and network resources. You then carve up those resources for use by departments or clients. Like vCloud Director, it abstracts management and provides a mechanism to consume IaaS resources.

What I like about this solution is that it’s easy…Implementing OpenStack is not! …Especially if you choose to deploy and manage it yourself. The time savings along with budget savings compared with deploying and maintaining OpenStack in-house make this an attractive option. It also potentially fills a gap in the market that’s been vacated by VMware’s decision to pull vCD from Enterprise and replace it with the more complicated (dare I say bloated) vRealize Automation. To clarify that comment, think about a situation where a company has a small vCenter Instance with two or three hosts…vRA isn’t the best fit if the company wants to explore Private Cloud…Platform9 fits in nicely and can be retrofitted with ease.

For Service Providers it offers an opportunity to experience OpenStack and take advantage of its KVM strengths…dual stacks become a more plausible option and with access to refined APIs it makes it easy for SPs with existing Account/Control Panels to integrate and add to existing offerings. There is also a lot of interest in its potential for management of Docker…which is all the rage these days.

For me, this isn’t going to replace vCloud Director SP for vSphere Platforms short to medium term…there are a lot of holes in what Openstack does compared to vCloud Director but there is a future here and there are many use cases where Platform9 makes sense.
