Wednesday, 28 December 2016

Anti-Virus Exclusions for VMware and Windows

Over the years I had come across a lot of issues around OS performance where part of culprit has been to do with Anti-Virus settings. Leaving them as default settings can cause a lot of pain and headache. Here are some of the useful information I have gather from a couple of kb articles from VMware and Windows to help you get a better grip of what to scan in the guest OS to avoid wasting compute cycles especially if you are using public IaaS platforms.

  • Exclude the folders from scanning for VMware tools or your installation of vCenter. Change the drive letter to reflect where you have installed the software :
    • Windows Server 2012 "C:\Program Files\VMware\"
    • Windows Server 2008 "C:\ProgramData\VMware\"
    • Windows Server 2003 "C:\Documents and Settings\All Users\Application Data\VMware\
  • Choose either to real-time scan on "Read" or "Write" try not to do both as you would waste processing power. My preferred option would be to real-time scan on "Write" as if during write you have scanned it then you could safety assume that the file was clean on writing to disk.
  • Turn off scanning of Windows Update or Automatic Update database file "Datastore.edb" which by default for windows is at %windir%\SoftwareDistribution\Datastore
  • Turn off scanning for logs files located in the following folder which by default is at %windir\SoftwareDistribution\Datastore\Logs specifically to exclude the following type of files edb*.jrs, edb.chk and tmp.edb
  • Turn off scanning for the following type of files *.edb, *sdb, *.log, *.chk and *.jrs in the following directory %windir\Security\Database
  • Exclude group policies settings files *.pol or to be specific they are within the following locations
    • %allusersprofile%\ specifically NTUser.pol
    • %SystemRoot%\System32\GroupPolicy\Machine\ specifically Registry.pol
    • %SystemRoot%\System32\GroupPolicy\User\ specifically Registry.pol
KBs Article Used


Wednesday, 21 December 2016

vSan, SRM, vVols Technical Documents

VMware has release a new section for Storage and Availability technical documents which covers areas such as vSAN, SRM, vVOLS, vSphere Replication and vSphere Core Storage. There are lots of great papers around good practices, technical overviews on these areas. 

Also catch up on the great podcast virtually-speaking-podcast

Storage and Availability Technical Documents - https://storagehub.vmware.com/

A good place to try out the new features and functions without needing to install the soft use the VMware hands-on-labs - http://hol.vmware.com

Wednesday, 16 November 2016

vSphere 6.5 GA

VMware has just GA their vSphere 6.5 and there are some really good enhancements such as
  • Native high availability for vCenter
  • Improved HTML 5 based vSphere client
  • VM-level encryption
  • Easy migration from Windows vCenter to vCenter appliance
plus much much more

I have included some links here to the key documents to read through as a starter in the order that I feel I would normally read:
  • First point for me is to read the release notes

  • White paper for whats new in vSphere 6.5

  • Check what VMware products are compatibility with vSphere 6.5 so you don't get caught out thinking just upgrading to vSphere 6.5 it will work with all your existing VMware products. ie If you was using Site Recovery Manager (SRM) you would need to upgrade SRM 6.5 as well which means you would need to plan out your migration

  • Check if it will work on your current hardware infrastructure

  • Check if the Guest OS that you are currently running on your vSphere environment is supported under vSphere 6.5

  • Configuration maximums
  •  Compare which edition has which features. As usual Enterprise + edition will have the most of the new features 
http://www.vmware.com/products/vsphere.html  (Click on "Compare" and it will take you see see all the features and which editions has those features

  • Finally the document library where all the usual installation and user guides are

Hope you find the links useful

Wednesday, 14 September 2016

VMworld 2016 Session videos

Great news where you can now watch all the sessions that have been recorded during VMworld 2016 in US for free. It used to be for people who had paid for a subscription or had attended the event.
 
To be able to view the recording you would need to create an account at http://www.vmworld.com/. Once you have created an account, log in and head scroll to the bottom of the page where you will see a header "VMworld Sessions" and click on Session Playback.
 
 
You will be take to a page where you can select which year's playbacks you would like to view. Select 2016 one and you maybe prompted to confirm a few details before you can view the videos. Once you have done that you can select the sessions you like to see.
 
So now you can view all the sessions in your own comfort.

Tuesday, 21 June 2016

Powercli New-Datastore script to mount NFS datastores

One of the pain points of building out a ESXi host is usually when you are presenting your NFS storage to an ESXi host. A few datastore is a easy task but when you have to
present 10+ for each of your host it can be a pain. At this point you either have host profiles to help you or you start using powercli to help automate the task.


I will talk through how I will be using the command "new-datastore" cmdlet. The easier way to just add one datastore is to run to command:


new-datastore -nfs -Name Datastore_Name -Path /vol/abc -nfshost IP_Of_NFS_Server


Name - the name that you want to use to help identify the datastore in ESXi host
Path - the export path from your NFS server
Nfshost - ip address of your nfs server


Example
new-datastore -nfs -Name nfsdatastore -path /vol/nfsdatastore -nfshost 192.168.0.100


So you could write a command for each new datastore you wish to add to a host in to a powershell script as shown below:


new-datastore -nfs -Name nfsdatastore01 -path /vol/nfsdatastore01 -nfshost 192.168.0.100
new-datastore -nfs -Name nfsdatastore02 -path /vol/nfsdatastore02 -nfshost 192.168.0.100
new-datastore -nfs -Name nfsdatastore03 -path /vol/nfsdatastore03 -nfshost 192.168.0.100


As we are scripting we should try to store all datastore information in a csv file so that we just loop the command and pull in the required variables from the csv.

Steps to creating the script using powercli version 6.0.0

- Create a csv with the following headings "nfshost", "path" & "name" and save it as a csv, example datastores.csv.
nfshost = your NFS server IP address
path = path to the export of your NFS datastore
name = name you wish to give the datastore in ESXi host







- We now can build the script and below is the script that I have built







Explanation of the script

Line 1 - We are storing the path to the csv file to a variable named $DatastoreCSVPath.

Line 2 - We are using "import-csv" cmdlet to import our CSV file from variable $DatastoreCSVPath to a new variable $DatastoresConf.

Line 3 to 6 - We will use the "foreach" loop method to help us loop through the data stored in variable $DatastoresConf". Line 5 is the main script of the work and you can see I am using the cmdlet "new-datastore".

Three key values are needed which are "Name", "Path" and "Nfshost" to complete a mount of a datastore. We have stored those values in the variable $Datastore as an array of objects now. To use them we would need to reference them by VariableName.ValueName. So with my example it would be $datastore.name or $datastore.path or $datastore.nfshost as those are the only three value names/headers I have used in my csv file.


Line 5 - Command
New-Datastore -Nfs -Name $Datastore.Name -Path $Datastore.Path -Nfshost $Datastore.NfsHost

As you can see I have called the right fields values to the right place within the command I have issued.

That's it. This script is just a really basic one and there can be loads more added to it such as error checking, logging, mounting the datastore as read only etc.

Using script saves time and helps reduce human errors and is repeatable. Go have a play with it.







Friday, 13 May 2016

Joining PSC to an Active Directory Domain

I have deployed some Platform Services Controller (PSC) appliances to my environment but in order to be able to use Active Directory as an identity source you will need to join the PSC to the Active Directory domain. In this post I will show you two possible ways of doing it

My environment is based on using vSphere 6.0 Update 1

Command line method:

1.  Ensure you have enabled SSH so that you can use something like Putty. If it has not be enabled then you will need to log on to the appliance and change the settings there to allow SSH
2. Type in the user name "root" and password to SSH to your PSC appliance


3. Type in "shell.set --enabled True"
4. Type in "shell"
5. You will see some warning message and then be presented with the command prompt screen with the name of your PSC
 6. Type "cd /opt/likewise/bin"
 7. Type "./domainjoin-cli query" to see if the PSC is already part of the domain
 8. Using the format domainjoin-cli <Domain Name> <User> <Password> to join the PSC to a domain. Ensure the account you use has permissions to add a computer account to the domain. So example would be "domainjoin-cli ppe yungk Random"
 9. You should see the following information that is has joined the domain with the word "SUCCESS"
 10. Type "./domainjoin-cli query" and we should see the details of the PSC and the location of the object within Active Directory. You can also use Active Directory Users and Computers to check that there is a computer object there too
11. Type "reboot" to reboot the PSC 


GUI version method:

Using this method would need you to have already stool up a vCenter instance which is connected to the PSC controller

1. Log on to your vCenter instance
2. At the Navigator panel select "Administration"
 3. Select "Configuration"
 4. Select "Nodes"
5. Under "Nodes" select the PSC that you wish to join domain and on the right hand side panel, select "Manage" and then "Active Directory". The domain field should be empty
6. Click the "Join" button 
7. Check the title screen is the name of your PSC that you wish to join. Type in the domain you wish to join. Enter in the account details which has permssions to join a computer to the domain. Press "OK". Leave Orgaizational unit blank as I can't seem to find the right sytnax around this.

8.You will see a quick flash of the screen doing the task in the background. This is one of the fallbacks of using GUI to join the domain where it doesn't give you any indications if it has been successful or failed
8. Ensure you are still within the context of the PSC and click on "Actions" followed by "Reboot"
 9. An final prompt window will appear. Ensure the title is your Fully Qualified Domain Name (FQDN) of your PSC. Enter the reason for reboot and click "OK"
10. After a reboot follow steps 1 - 5 again. At step 5 you should see the domain filed with the domain the PSC has joined

Now that you have joined your PSC to your domain you can use Active Directory as an identity source. Remember to join all your PSC to the domain if you wish to use Active Directory as an identity source across your environment

Thursday, 21 April 2016

Where are the VCAPS around the world?

VMware released a blog post around the number of VCAPs around the world. The top three countries that has the most VCAP's are USA,UK and India. I noticed that in the UK there are only 448 and I happen to be one. Whoa ^_^

Wednesday, 20 April 2016

Creating a bootable USB ISO image

I was browsing across some forums and notice someone mentioning using a tool called Rufus to create a bootable USB stick from a ISO image of Windows. So I thought let me give it a go with a ESXi ISO.

In the steps below I was using Rufus version 2.8 and VMware ESXi 6.0 Update 2 ISO
  • Head over to https://rufus.akeo.ie/ and go to the download section (Only Windows version of the software is available, using Version 2.8 at the time of writing)
  • Have the USB device/key that you wish to turn it to a bootable drive plugged in to your workstation/laptop
  • Once you have downloaded the "exe", run the software and you may be promoted to allow it to run in administrator mode
  • You will be presented with the following screen
  • Under Device select the USB device that you wish to use
  • Change the volume label if you wish
  • Tick Box "Create a bootable disk using" and select the drop down arrow to change to "ISO Image"
  • Click on the "CD image" to select the image you want to use
  • Leave all the after options as they are like the above screenshot 
  • Click "Start" to start writing the image to USB device
  • You may get the following screen around the "menu.c32" which ask you whether you would like the Rufus to download a newer version to fix the issue. Select "Yes". A folder called "rufus_files" will be created in the locate of where you have ran the "exe" from

  • If you have any existing data on the USB device it will prompt you whether you would like to over write it. Click on "Yes" to continue if you are happy to overwrite the data
  • You should now see within the program window that the software is starting to write to USB


Once it is completed then the USB stick is ready to be used as a way to install ESXi. As you can see with a few simple steps above you now have a bootable USB device which has the install files for ESXi.

This could be very useful in my opinion where you can not use remote management software such as iLO to mount ISO images to install. There could come a time where you need to create custom ISO (http://goo.gl/deuRDn) but was unable to burn to a physical media. Using USB would be quicker and you could recreate the image again and again not wasting any media. This software could also be used for deploying other OS such as Linux and Windows.

Enjoy this and all credit to the people at Rufus for making such a cool tool to be used.






How to get the free version of vSphere Hypervisor

A colleague today asked me how to get the free version of vSphere hypervisor and what was the limitation of the product. Off the top of my head long way back I remembered it was just requesting the number of licences you would like to use and then you would get those. The process is pretty much the same but I thought I would share the process of obtaining those licences.

Getting the Licence
  • Go to http://my.vmware.com and if you already have an "My VMware" account then use those details to log in otherwise create one and it is free of charge to do it
  • Once you have logged in head to the top right of the page and hover across "Products" and select "Trial and Free Products"
  • On the Trial page scroll right down towards the end until you see "Download Free Products" header. Under that you should see a link for "vSphere Hypervisor (64 bit)", click on that.
  • It should now take you to VMware vSphere Hypervisor 6.0 Download Center and you should see a button to click to "Register"
  • Fill in details about yourself in the mandatory fields and scroll down the page
  • Make sure you tick the box to accept the agreement and click "Continue"
  • You should now see a under "License Information" a license key for you to use on your esxi host

To view your licence that you have you would just need to go through the first four steps above again and you should see your licence instead of the "Register" button.

Applying Licence to your host

Below I will describe how to apply the licence to a vSphere 6.0 Update 2 which includes the new host client UI.
  • Log on to your host via https://HostnameOrIP/UI using your root account
  •  Click on "Manage" on the left hand side of the menu for your host
  • Click on "Licensing" tab
  • Click on "Assign license"
  • Enter the license key that you  have obtained and select "Check license"
  •  If the key is valid you would see the screen below and you would click "Assign license"
  • You should now see your licence key applied and has no expiration date

Limitation of free vSphere Hypervisor 

As you can see once you apply the licence the feature you only get is "up to 8-way virtual SMP" and nothing else but at least it appears that there is no restriction on memory and phyiscal CPU

Wednesday, 6 April 2016

Custom ESXi Image - ISO using PowerCLI

There comes a time when you have purchased a new hardware to run your ESXi software and discover that the installable base media provided by VMware does not include the drivers or the drivers are out of date. In the world of Windows (Plug and Play) it would discover the hardware and prompt you to provide the drivers so that Windows would install/update the drivers for the hardware. For ESXi if the drivers are not present during load time then the hardware will possibly not work.

VMware uses VIB (vSphere Installation Bundle) as a way for vendors to distribute their drivers. To install these VIBs you can either use Update Manager or command line (esxcli). Now this is all good but it does mean you have to first install the base ESXi then use one of the steps above to install/update the drivers.  

Some people might feel that it is OK to update the drivers using the above methods but what if it was the network card that was the new hardware and you needed new drivers. Without the network card you wouldn't be able to use Update Manager as the host doesn't have network connectivity to vCenter. With command line you could possible mount an ISO via ILO with your drivers or use a USB stick to install but again lots of extra steps. Extra steps usually means more space for error i.e. missing a crucial step needed. 

What if you wanted to slipstream the drivers into the base installable media so that once you have installed ESXi you have all the hardware ready for you to use and not need to install additional drivers, just like Windows ?

You can do this by creating a custom ESXi build where you would add/remove the drivers that you would like in your ESXi install media. Some of the big hardware vendors such as HP and DELL already have custom ESXi builds which includes all the drivers of the hardware that they sell to run ESXi. This is so that you would not need use one of the mentioned methods above to add the drivers which means less steps for you to get your hardware working. Using these vendor images are great as it saves time, repeatable and ensures that you are using verified, tested drivers from the vendor. It also ensures that each of your build is consistent with the driver version as you roll them out.

VMware provides a method (vSphere ESXi Image Builder) to help you create your own custom ISO. You will need to use VMware PowerCLI to access this method which I will show you in this post. Using this method you are able to update existing drivers or add drivers or even remove drivers. 

My example is based on using HP's custom image as I am installing ESXi to a HP server so all the HP management and drivers VIBS are already included in this image. Where I am currently working we use Xsigo (oracle fabric interconnect) and the drivers for these are not included in the base image of ESXi so we will need to add these drivers.

There are some pre-requisites software that are needed before we start creating our custom VMware ESXi iso:
  • VMware PowerCLI (I used 6.0.0 R3) install on a server or workstation that you will be using to create our image
  • Offline binary files of vSphere ESXi 6, please note download the "zip" and not "iso" one
  • Download the driver bundle that you wish to add to your base ESXi image, for me this would be the Xsigo drivers bundle

Steps to create and add drivers to a custom ESXi image

1. Create a new directory and copy your offline bundle version of ESXi 6 and driver bundle that you wish to add to your custom ISO image. In my example I have created a directory under c:\esxi

The following steps may be applicable to you depending on the security settings you have on your machine:
  • Right select one of the "zip" files and select "properties" within the directory where all your bundle software are in the step 1
  • Check if "unblock" is selectable. If it is then select it to unblock the file. By doing this you will not need to run PowerCLI in administrator mode which makes life a bit more simpler
2. Install PowerCLI on your workstation or server if you have not done so and launch it
Optional Step - Check your version of PowerCLI is the same version as I am using in this article, run Get-PowerCLIVersion
3. We need to mount the ESXi image within our PowerCLI session so that we can select it to be used. The command to run would be Add-EsxSoftwareDepot -DepotUrl PathToYourZipFile . Make sure you select your ESXi zip file and not your driver zip file. So for my example it would be: Add-EsxSoftwareDepot -DepotUrl c:\esxi\VMware-ESXi-6.0.0-Update1-3380124-HPE-600.9.4.5.11-Jan2016-depot.zip . You should see under Depot Url the path to your zip file that you have just added.

4. Run Get-EsxImageProfile which will list the images that we can use
5. By default the image is read only and you would need to clone the image first and work on the cloned image. To do that you would need the name of the image. As you can see from the above screenshot the name is not fully displayed. So we will run the following command Get-EsxImageProfile | Select Name to just return the name of the image for us to use in the next step
6. With the above information we will now clone the image to a new one. At this step we would need to decide on the name we wish to name our image. Also we need to think of a name to fill in for our "vendor" section in the command line which is mandatory. It is up to you what you would like "vendor" to be. The command would be New-EsxImageProfile -CloneProfile ProfileNameYouWouldLikeToClone -Name NewNameForYourCustomImage -Vendor YourChoice.

For my example I decided that the new name should be the same as my image name but added "Xsigo" to the end and for the vendor I just called it "MyIT". The command I used is New-EsxImageProfile -CloneProfile HPE-ESXi-6.0.0-Update1-600.9.4.5.11 -Name HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo -Vendor MyIT. Please Note this command is case-sensitive so make sure you follow the case otherwise you will get errors
7. Now run Get-EsxImageProfile | Select Name,Vendor and we should see our original image and our newly clone image to work on. You will see the Vendor name is the one you created
8. We now need to mount our drivers within the PowerCLI session so that we can add our drivers to our custom image we have created at step 6. Run Add-EsxSoftwareDepot -DepotUrl PathToYourZipFile. Make sure you select the driver zip file my example it would be Add-EsxSoftwareDepot -DepotUrl C:\esxi\xsigo_6.0.0.ESX-1vmw.600.0.0.2494585.zip. You should see under Depot Url the path to your zip file that you have just added.
9. To add the drivers to your custom ESXi iso you will need to know how many "software packages" are within your driver zip file. There are a few ways you can query your driver package like by name, version, vendor etc. I used the -SoftwareDepot which homes in to the actual path of the zip file and only return information specifically for that package. So the command would be: Get-EsxSoftwarePackage -SoftwareDepot C:\esxi\xsigo_6.0.0.ESX-1vmw.600.0.0.2494585.zip. This returned that I have 11 software packages that I would need to add to my custom image.
10. Now we have the name of the software packages (first column on above screenshot) we can use the command Add-EsxSoftwarePackage -SoftwarePackage SoftwarePackageName -ImageProfile OurCustomImageName to add the drivers. A warning here, it is possible that certain drivers need to be added first before you can do the next one as shown in the screenshot below:
As you can see I tried to add driver "net-ib-mad" but it throws an error saying it requires another component to be part of the image. Then it goes on to tell you that within your depot you already have that driver which gives you an indication to install that one first, "net-ib-core". So there could be a few trial and errors to start off with to get the right order of drivers to install.

So to give an example of the command I used Add-EsxSoftwarePackage -SoftwarePackage net-mlx4-core -ImageProfile HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo
Repeat the steps until you have added all the drivers to your custom image.

11. To check if you have added all the drivers to your custom image you could do the following command $ip = Get-EsxImageProfile -Name OurCustomImageName where $ip is storing the properties of your custom image details. The command I used for the example is $ip = Get-EsxImageProfile -name HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo
If we run $ip.viblist it will list all the software packages that are within our custom iso. You can go through the list manually to see if all your drivers are there or write a more custom queries to drill down to a smaller list.
  
So for me I can see from step 9 that the Creation Date for all my drivers in that particular bundle are exactly the same so I decided to use this field to help me filter down. I used the command $ip.viblist | Where-Object {$_.CreationDate -gt "04/29/2015" -and $_.CreationDate -lt "05/01/2015"}
You could run other command such as $ip.viblist | Where-Object {$_.vendor -like "intel*"} which would return packages from vendor like intel.

12. Now that we know we have our drivers in our image we need to export it to a iso format so that we can use it to install our ESXi. The command to be used is Export-EsxImageProfile -ImageProfile OurCustomImageName -FilePath FilePathAndNameOfOurISO -ExportToIso. Remember to add ".iso" to the end of your file name for your custom ISO. The command I used is  Export-EsxImageProfile -ImageProfile HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo -FilePath C:\esxi\HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo.iso -ExportToIso
Once the job is done you should see your iso file in the location that you have specified

Steps to remove drivers to a custom ESXi image

You normally shouldn't need to do this as when you add drivers it should automatically update the existing drivers to the new version but there could be times when it doesn't do it and you need to remove the drives first. Again using the above example

1. At step 6 once you have created your custom image and know which drivers you would like to remove use the following command Remove-EsxSoftwarePackage -SoftwarePackage SoftwarePackageName -ImageProfile OurCustomImageName. I used
Remove-EsxSoftwarePackage -SoftwarePackage nmlx4-en -ImageProfile HPE-ESXi-6.0.0-Update1-600.9.4.5.11-Xsigo
Repeat the step until you have removed all the drivers required
2. Use step 11 to help you verfiy that the drivers is no longer in the image
3. Use step 12 to then create a new iso which does not contain the drivers in your new image

As you can see it is quite easy to add/remove/update drivers in a custom ESXi image that you wish to create. You can create a custom iso which includes all the drivers for the different host that you may have in your environment. This would save time as you won't need to write documentation for each type of server hardware build. You would have one image and it will have all the drivers needed for your estate.

Enjoy

References

You may need to log in to My VMware to download the following software :

Azure Resource Support for Availability Zone

Over the years, an increasing number of services are consumed in the cloud and as architects one of the key considerations is designing the ...