Thursday, June 15, 2017

How to Enable Encryption on vSAN 6.6

Encrypting a vSAN 6.6 Datastore

Step 1: Select your vCenter Server, click on Configure, select Key Management Servers and click on the Green Plus Sign. Specify the name of the KMS cluster, the IP address and a port to use. Currently, there are two supported KMS Servers (Hytrust and EMC). The KMS servers need to be KMIP 1.1 compliant.

Step 2: You will have to establish a trust relationship with the KMS server. Since different KMS servers are supported, you will have to select the type of certificate to download. Different choices are available.

Step 3: Verify that the connection state is Normal and that the procedure succeeded.

Step 4: Select your vSAN cluster, click on Configure, select General and click on Edit. Enable Encryption. The KMS related information should be automatically populated. Click on OK.

Step 5: Once you enable Encryption, every disk will be reformatted. This process will take time. The amount of time will depend on how many drives need to be formatted and the size of the drives.

Once this is done, the entire datastore is encrypted. Encryption works with both the hybrid solution as well as the all-flash. If new servers are added to the cluster, the disk groups created on the new host will be formatted to support encryption.

Tuesday, May 30, 2017

Inducing Failures on a Virtual SAN cluster

The coolness of python scripts.

One of the many tools available for testing Virtual SAN is a buried python script called vsan.DiskFaultInjection.pyc. Located in the /usr/lib/vmware/vsan/bin directory, this utility can generate permanent or transient errors.

Using the -h option (for help), an administrator can see the options available for this command. Only to be used pre-production, this script can generate failures to allow the user to understand what happens in such cases.

Below is an example of what happens when a capacity disk is affected by such permanent failure. In the case of a raid5 virtual machine, the virtual machine would continue to run. If enough servers and/or disks are available, the rebuilding of the date would take place immediately.

Errors would be seen everywhere, notice the capture below.

The -c (clear option) would remove the injected error. Enjoy.


Sunday, May 28, 2017

Installing the vCenter Appliance on a One Node vSAN Cluster

Virtual SAN 6.6 introduces a graphical method to install a vCenter appliance on a freshly installed esxi host in order to eventually install and configure v vSAN cluster. The required software versions are: ESXi 5310538 , VC 5318154

As you start a fresh install, notice that the latest version of vSphere 6.5 introduces a new option that allows to "Install on a new Virtual SAN cluster containing the target host". Proceed with a normal installation.

Select the vCenter option with the embedded PSC.

Select the esxi host that will host the new vCenter appliance.

Name the appliance and provide the root password.

Here is where you see the big difference. Notice the option at the end. Select it.

Name your future datacenter and cluster.

Specify which drives will be used for the Virtual SAN datastore. Indicate which drives will be used for cache and capacity.

The rest is pretty much the same, provide the network related information and continue  as usual.

Once the installation is done, the administrator can verify that the vCenter is in working order.

Once the vCenter appliance is running, log in, create the vmkernel port for Virtual SAN on that node and proceed as usual. Add the remaining servers and their vsan ip addresses and you are done.

Tuesday, May 9, 2017

When 100% cpu utilization is not really 100%

100% does not always mean 100%

Some people mistakenly look at tools inside of a guest operating system (for example,  the task manager) and when faced with 100% cpu utilization, they automatically believe that such virtual machine needs more vcpus.  Not necessarily. You really need to look at what is taken place on the host and compare the results. Remember that the guest OS is not aware of what is actually happening on the host. 

Notice that this case this virtual machine running Windows displays 100% cpu utilization. 

However, notice that the esxi host does not have any of the logical cpus at 100% and that virtual machine is NOT using 100% of the actual lcpu (core). Notice the %MLMTD column and %RDY.

In this case, the reason is due to a cpu limit. Notice the capture below. This virtual machine has the limit set to 50% of the maximum number of cpu mhz. Yet, the guest OS is not aware of this.

Sunday, April 23, 2017

How To Install Esxi From USB

Installing esxi to a usb device is simple, just insert a cd and during the installation point to a usb device. This shows how to prepare a bootable usb device that allows you to install esxi onto any type of device.

Step 1: Launch your browser and point to

Step 2: Download and launch unetbootin. Point to your .iso image and click OK.

Step 3: Click on Exit.

Step  4: Verify the contents of your USB drive.

Step 5: Boot your future esxi host from USB and start the installation.

Friday, March 31, 2017

PowerCLI using Linux

How to Install and Use PowerCLI from Linux. 


Don't expect to find all the commands typically found in the Windows counterpart.
Good luck finding autodeploy, imagebuilder and vum commands.

1. From a Linux system (Ubuntu in my case), launch your browser and to to

2. Find PowerCLI Core and download it. In the process, download the Instructions.pdf.

3. Download PowerShell for Linux using the curl command.

# curl -SLO

4. Install the package by force using the dpkg command.

# sudo dpkg -i powershell*.deb
# sudo apt-get install -f

5. Verify the package is install with the dpkg -l command

6. Create the Modules directory for PowerCLI

# mkdir -p ~/.local/share/powershell/Modules

7. Copy the PowerCLI file and extract it.

# cp PowerCLI_Core* ~/local/share/powershell/Modules

8. Extract the zip files, including PowerCLI.ViCore and PowerCLI.Vds. Verify the contents.

# cd ~/local/share/powershell/Modules
# unzip
# unzip

9. Launch powershell

10. Import the PowerCLI Modules

11. Verify the are loaded

12. Instruct powercli to ignore invalid certificates and use it.

Some useful links:

Tuesday, March 21, 2017

Storage IO Control in vSphere 6.5

What is Storage IO Control?

Storage IO Control is used to control the IO usage of virtual machines and gradually enforce pre-defined shares. Shares can be high, medium or low. This feature was introduced in vSphere 4.1 and requires the Enterprise Plus License.

Step 1: Create a datastore. VMFS was used in this case and a datastore called dy (datastore y) was created.

Step 2: SIOC is now managed via IO Filters Providers. You can easily see the filters are registered automatically. You can select the vCenter server and see these filters.

Step 3: To enable SIOC on a datastore, right click on the datastore and enable SIOC.

Step 4: Next, create a virtual machine policy. Click on Home and select VM Storage Policies to create a new SIOC policy.

Step 5: Name the policy and click on Next.

Step 6: Select SIOC and select High, Medium or Low Shares.

Step 7: Now, apply the policy to the virtual machine. Right click on an existing virtual machine  and edit Storage Policies. Select the policy to use and select Apply All.