Tuesday, December 2, 2014

How to Install and Use VMware UMDS

What is VMware Update Manager Download Service?

UMDS is a piece of software that allows you to download patches from VMware repositories without needing to have the Update Manager Server connected to the internet. This can be useful (or a must) in secure environments.

Installation Steps;

Step 1; Prepare a Windows 2008 vm and start the installation. This software can't be installed on the same machine where VUM is to be installed. The software comes in the Vcenter Server cd. Double click on the VMware-UMDS executable.


Step 2: Start the installation of Vsphere Update Manager Download Service by agreeing to the EULA.


Step 3: Decide which database to use. In this case, the embedded database is used. Notice the 32-bit DSN reference if an external database is to be used.


Step 4: Specify if any proxy settings need to be added.


Step 5: Proceed with the question about the Destination Folder.


Step 6: Depending on how the vm was created, you may see this warning.


Step 7: Let the installation proceed. Click on Finish when done.


Step 8: Open up a terminal and navigate to the directory that contains the executable. Type the command with the -h option or without any options to see the available flags.


Step 9: Run the different commands to configure UMDS and then download the patches by using the vmware-umds -D command. For example, you can run vmware-umds -S --enable-host --disable-va to indicate to avoid patches for virtual appliances.

Thursday, November 13, 2014

How to Configure Policy-Based Storage with the Web Client


Step 1: Create the datastores to be used with the Web Client or Vsphere Client. In this case, datastore "x" will be used. Once created, go to the Storage View. Select the datastore, click on Manage and select Tags. Click on the New Tag icon (first one on the left).


2. As you create a new tag, name it (Gold Tier), select New Category and name the category Storage Tiers. Click Ok.


3. Verify that the Tag was created.


4. Click on Home and select the VM Storage Policies icon.


5. Select Create a New VM Storage Policy and give it a name.


6. Click on Add tag-based rule and match it to the tag previously created.


7. Click on Finish and observe the results.


8. Associate the virtual machine to the VM Storage Policy by right-clicking on the vm and selecting All Vcenter Actions, VM Storage Plicies and Manage VM Storage Policies.


9. Verify that the virtual machine is compliant or not. In this case, the virtual machine is not in the correct location, thus non-compliant.


10. You can also select the datastore and verify how many vms associated to that datastore are compliant instead of looking at the individual vms. In this case, there was only one and was non-compliant.


Wednesday, October 29, 2014

How to configure Vsphere Replication 5.8

How to Configure Vsphere Replication 5.8

How to start:

Architect your environment. To keep it simple, I created two sites. One called DC and one called Miami.

DC Site:
1 esxi host at 10.1.1.1
1 vcenter appliance with an ip of 10.1.1.10
1 replication appliance with an ip of 10.1.1.11

Miami Site:
1 esxi host at 10.1.1.2
1 vcenter appliance at 10.1.1.20
1 replication appliance with an ip of 10.1.1.21

1. Install and configure your esxi host in your protected site

2. Install and configure your vcenter server in your protected site. Configure your Datacenter and add the esxi host to it.

3. Connect to your vcenter server with the web client and deploy your replication appliance via ovf










4. Log out of the web client and log in again. In the home page, you should see the replication icon.


5. If you want, connect to the ip address of the vsphere replication appliance using port 5480





6. Install and configure your esxi host in your recovery site

7. Install and configure your vcenter server in your recovery site

8. Deploy your replication appliance via ovf using the web client

9. Log out the web client and log in again. You should see the replication icon in place

10. In your protected site, pair up your local replication appliance to the remote



11. Right click on the vm to replicate and select Configure Replication









12. On the recovery site, open up the datastore that contains the shadow vm and verify that your have a new directory with the vmdk and -flat.vmdk files.

Vsphere Replication Recovery.

1. In the Production Site, stop the vm to recover

2. Using the web client on the Recovery Site, click on home and then click on the Replication icon


3. Click on the Monitor tab


4. Select Incoming Replications



5. Right click on the vm to recover and select Recovery



6. Follow the wizard



Wednesday, October 22, 2014

How to configure syslog with esxcli

Configuring Local and Remote Logging using the esxcli command

Local and Remote syslog functionality can be configured for a host using the esxcli command line utility, which can be used at the console of an ESXi host, in the vCLI, or in the vMA.

Open a ESXi Shell console session where the esxcli command is available, such as the vCLI or on the ESXi host directly.

If you want to display the current options for syslog, type the following.

# esxcli system syslog config get


Default Network Retry Timeout: 180
   Local Log Output: /scratch/log
   Local Log Output Is Configured: false
   Local Log Output Is Persistent: true
   Local Logging Default Rotation Size: 1024
   Local Logging Default Rotations: 8
   Log To Unique Subdirectory: false

   Remote Host: <none>

If you want to send the logs to a particular host, type the following.

# esxcli system syslog config set --loghost='tcp://10.1.1.1:514' (or udp)

If you want to specify a particular directory, type the following.

# esxcli system syslog config set --logdir=/directory1

To reload the configuration, type the following.

# esxcli system syslog reload

Log Files:

# tail -f /var/log/.vmsyslogd.err

How to Change Esxi Password Complexity

Change Default Password Complexity for the pam_passwdqc.so Plug-In in /etc/pam.d/passwd

How to edit the /etc/pam.d/passwd file

1 Log in to the ESXi Shell and acquire root privileges.

2 Open the passwd file with the vi editor.

# vi /etc/pam.d/passwd

3 Edit the following line.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4

4 Save the file.

Example: Editing /etc/pam.d/passwd

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

With this setting in effect, the password requirements are:

n retry=3: A user is allowed 3 attempts to enter a valid password.

N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters

N1=9: Passwords containing characters from two character classes must be at least 8 characters long.
For example, all lowercase or uppercase letters

N2=8: Passphrases must contain words that are each at least 8 characters long.
For example, lowercase, uppercase and numbers

N3=7: Passwords containing characters from three character classes must be at least 7 characters long.

N4=6: Passwords containing characters from all four character classes must be at least 6 characters long

Wednesday, October 8, 2014

Manipulating Users from the VMA

Adding users to an esxi host can be performed with one command from the VMA. The following command adds a user.

vi-admin@vma:~[esxi02.vclass.local]> vicfg-user -e user -o add -l user1 -p vmware1!
Created user user1 successfully.

That information can be viewed and verified from the esxi host by looking for the line containing user information in two files.

# grep user1 /etc/passwd
user1:x:1003:1003:ESXi User:/:/bin/sh

# grep user1 /etc/shadow
user1:$6$OS4AKKev$zW4osKuZW6YEBwJt03lEPIxaYaN4d5.Ai2gz79ToYNiEIZsdkmO7qW1aTjKCzhlNvgRTwb31dGwyS/RW.4Zh.:16351:0:99999:7:::

The users can be viewed from the VMA with the following command:

vi-admin@vma:~[esxi02.vclass.local]> vicfg-user -e user -o list
USERS
-----------------
Principal -: root
Full Name -: Administrator
UID -: 0
Shell Access -:1

-----------------
Principal -: dcui
Full Name -: DCUI User
UID -: 100
Shell Access -:0

-----------------
--- the rest of the output was removed ---

The following command associates a user to a particular role (read-only in this case).

vi-admin@vma:~[esxi02.vclass.local]> vicfg-user -e user -o modify -l user1 --role read-only
Updated user user1 successfully.
Assigned the role read-only

The user can be deleted if necessary with one command.

vi-admin@vma:~[esxi02.vclass.local]> vicfg-user -e user -o delete -l user1
Removed the user user1 successfully.

VCAP Storage Related Commands

When preppring for the VCAP-DCA, the command line is a must. Certain tasks can only be performed using either the VCLI or internal commands.

Here are some of the Objectives for the VCAP and the commands needed.

Disable automatic host registration

esxcli system settings advanced set -i=0 -o “/Disk/EnableNaviReg”

esxcfg-advcfg -g /Disk/EnableNaviReg


Increase Max NFS volumes

esxcli system settings advanced set -i=32 -o “/NFS/MaxVolumes”

esxcfg-advcfg -g /NFS/MaxVolumes


Increase the TCP Heap Size

esxcli system settings advanced set -i=16 -o “/Net/TcpipHeapSize”

esxcfg-advcfg -g /Net/TcpipHeapSize


Adding a LUN with an Existing VMFS Volume

esxcli storage vmfs snapshot list

esxcli storage vmfs snapshot mount -l ‘replicated_lun’

esxcli storage vmfs snapshot resignature -l ‘replicated_lun’


Understand and apply LUN masking using PSA-related commands

esxcfg-scsidevs -m

esxcfg-mpath -L | grep naa.5000144fd4b74168

esxcli storage core claimrule add -r 500 -t location -A vmhba35 -C 0 -T 1 -L 0 -P MASK_PATH

esxcli storage core claimrule load

esxcli storage core claiming reclaim -d naa.5000144fd4b74168


Unmask a LUN

esxcli storage core claimrule remove -r 500

esxcli storage core claimrule load

esxcli storage core claiming unclaim -t location -A vmhba35 -C 0 -T 1 -L 0

esxcli storage core adapter rescan -A vmhba35


Identify and tag SSD devices

esxcli storage core device list

esxcli storage nmp device list

esxcli storage nmp satp rule add -s VMW_SATP_DEFAULT_AA -d naa.5000144f60f4627a -o enable_ssd

esxcli storage core claiming unclaim -t device -d naa.5000144f60f4627a

esxcli storage core claimrule load

esxcli storage core claimrule run


Display Hardware Acceleration Plug-Ins and Filter

esxcli storage core plugin list -N VAAI — displays plugins for VAAI

esxcli storage core plugin list -N Filter – displays VAAI filter


Displaying whether the device supports VAAI and any attached filters

esxcli storage core device list -d naa.6006016014422a00683427125a61e011


Display VAAI status of each primitive on a device

esxcli storage core device vaai status get -d naa.6006016014422a00683427125a61e011


Display the current claim rules for filters and for VAAI

Filter — esxcli storage core claimrule list –c Filter

VAAI – esxcli storage core claimrule list –c VAAI

esxcli storage core claimrule add -c Filter -P VAAI_FILTER -t vendor -V vlabs -u

esxcli storage core claimrule add -c VAAI -P VMW_VAAI_VLABS -t vendor -V vlabs -u -f

esxcli storage core claimrule load -c Filter

esxcli storage core claimrule load -c VAAI

esxcli storage core claimrule run -c Filter


Unmount a Datastore

esxcli storage filesystem unmount -l vmfs_vcap_masking


Mount a Datastore

esxcli storage filesystem mount -l vmfs_vcap_masking


Upgrade VMFS3 to VMFS5

esxcli storage vmfs upgrade -l vmfs3_upgrade


Check to see if a new plug-in is registered

esxcli storage core plugin registration list


Register a plugin

esxcli storage core plugin registration add -m vcap_satp_va -N SATP -P VCAP_SATP_VA


Set a new default PSP for a SATP

esxcli storage nmp satp list

esxcli storage nmp satp set -s VMW_SATP_CX -P VMW_PSP_RR

esxcli storage nmp satp rule add -s VMW_SATP_CX -d naa.5000144f60f4627a

esxcli storage nmp satp rule list -s VMW_SATP_CX


Changing the PSP on a particular device

esxcli storage nmp device list -d naa.5000144fd4b74168

esxcli storage nmp device set -d naa.5000144fd4b74168 -P VMW_PSP_FIXED


View the device configurations for devices assigned the RR and Fixed PSPs and the generic

esxcli storage nmp psp fixed deviceconfig get -d naa.5000144ff548121b

esxcli storage nmp psp generic deviceconfig get -d naa.5000144fd4b74168

esxcli storage nmp psp roundrobin deviceconfig get -d naa.5000144fd4b74168


Set the preferred path on a device using VMW_PSP_FIXED and customize different parameters for a device using VMW_PSP_RR

esxcli storage nmp psp fixed deviceconfig set -d naa.5000144ff548121b -p vmhba35:C1:T0:L0

esxcli storage nmp psp fixed deviceconfig get -d naa.5000144ff548121b

esxcli storage nmp psp roundrobin deviceconfig set -d naa.5000144fd4b74168 -I 2500 -t iops

esxcli storage nmp psp roundrobin deviceconfig get -d naa.5000144fd4b74168


Set the device back to the VMW_PSP_RR default

esxcli storage nmp psp roundrobin deviceconfig set -d naa.5000144fd4b74168 -t default


Changing a device that is using the VMW_PSP_RR plug-in

esxcli storage nmp psp generic deviceconfig get -d naa.5000144fd4b74168

esxcli storage nmp psp generic deviceconfig set -d naa.5000144fd4b74168 -c ‘iops=5000′


iSCSI port binding

esxcli iscsi networkportal add -A vmhba35 -n vmk1

esxcli iscsi networkportal list






Source: vbyron.com

Saturday, September 27, 2014

Orchestrator 5.5 Appliance Configuration and Administration

How to Configure and Use the Vsphere Orchestrator Appliance

What is Orchestrator?

Orchestrator is a very powerful tool that simplifies the automation of complex IT tasks. It is very powerful and can be configured in older and newer versions. Here are the steps.

1. Download the ovf/ova from vmware.com/downloads

2. Burn it into a DVD (optional)

3. Connect the vsphere client to the Vcenter Server (linux or windows versions)

4. Install appliance via ovf/ova and go through the wizard. Make sure you don't install it while connected to the esxi host or you will not see the next capture. Provide the necessary settings to set up a static ip address.


5. Boot up the appliance and view the settings. Notice that the appliance uses 3gbs of ram. Do not lower that amount. Notice it uses 2 vcpus.


6. Open up the console to understand how to proceed. You will see the ports needed for additional configuration.


Note: You can always connect to the appliance to port 5480 (just like the the vcenter server).


7. Launch your browser and connect to the ip address of the appliance. Just use the ip. The browser will be redirected to port 8281.


8. Click on the Orchestrator Configuration link. You will be redirected to another page and you will have to log in. Use the "vmware" account to log in and add the password specified in step 4.


9. In order to configure Orchestrator, you will have to click take care of the ssl certificates and register the appliance with the vcenter and sso.

10. Go to the Network link and take care of the networking section.


11. Select the SSL Trust Manager tab and import the certificates of the vcenter server first and then the SSO server. The format is https://ip_of_vcenter:443/ and https://ip_of_sso:7444/


12. Go to the Authentication Tab and select SSO authentication. The format is https://ip_of_sso:7444. The user is administrator@vsphere.local and it's password. Register Orchestrator and add vsphere.local.Administrators to the group. Finally click on Orchestrator Configuration.


13. To finish the setup of the Orchestrator Appliance, click on Startup Options and restart the service.

14. Download the Orchestrator Client. Connect your browser to the appliance and download it.


15. Install the Orchestrator Client. I installed it into a Windows 7 system.



16. Log into the Web Client as administrator@vsphere.local to see if Orchestrator registered successfully..


17. Launch the Orchestrator Client and log into the appliance as administrator@vsphere.local.



18. It's finally time to test drive Orchestrator. In order to do that, you need to change from Run Mode to Design Mode. As you do that, the system will ask you to create a folder and name it. I named mine Test Workflows.


19. Right Click on the folder created and Add a new Workflow. Name the workflow. You can see in this capture that the workflow needs a name.



20. Provide a version number for the workflow and save it.


21. Go to the Schema Tab



22. Drag an Action Element to the workflow you created.



23. In the Filter Field, input vm to narrow the search of actions.



24. Select Start VM (VC Task)



25. Select the workflow and Edit it. Go to the Visual Binding Tab

26. Drag the "VM" and "Host" entries to In Parameters. Drag "Action Result" to Out Attributes. It should look like this.



27. Save

28. Test the workflow by running it.



29. Notice the results in both the vsphere client (or web client).


30. Notice the results in the Orchestrator Client.


Final Note: Take a look at what else is available. It takes less than a minute to configure some of these workflows and you can automate lots of things. For example, you can create workflows to change the number of cpus, modify the amount of RAM for a vm, remove all snapshots and so forth.