win-to-vcsa-1

vCenter Server Migration Tool: vSphere 6.0 Update 2m

Last year I blogged about the vCS to vCSA converter tool that VMware Labs released as a fling and how I had used it to pretty much convert all my lab vCenters (all bar one) to vCSAs….. since then I’ve been following the releases and a few months ago I noticed the Fling was deprecated (ie you can’t download it). I didn’t think much of it as VMworld 2016 was only round the corner, so thought it might be rolled into an impending vSphere/vCenter release….. unfortunately that never quite materialised in Las Vegas, and rumours are that vSphere 6.5 might be released in Barcelona.

So I was quietly surprised when I got an email notification from VMware Blogs to inform me that a new minor update of vSphere had been released specifically for migration puposes – vSphere 6.0 Update 2m (where the ‘m’ stands for migration).

vSphere 6.0 Update 2m is an automated end to end migration tool from a Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 (so pretty much what the Fling used to achieve).

It’s common knowledge that trying to migrate from a Windows vCenter Server (with a SQL backend) to a vCenter Server Appliance was not an easy task – in fact in 90% of my customers I’ve just told them to start a fresh rather than go through the pain of scripting a migration. However, I’m so glad that VMware have rolled out the Converter fling into an actual production release – now we have an end-to-end migration tool which takes all the pain out of the equation!

Those of you who are interested in migrating from your Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 should download and use this release. The vSphere 6.0 Update 2m download is an ISO consisting of the Migration Tool and vCenter Server Appliance 6.0 Update 2, roughly about 2.8GB in size.

Note: you cannot use this release to deploy a new installation of vCSA! To do that you just use the vCSA 6.0 Update 2 install.

What’s Supported:

  • Previous versions of Windows vCenter Server will need to upgraded to vCenter Server 5.5 prior to migration.
  • The best thing is that all database types currently supported with vCenter Server 5.5 will be migrated to the embedded vPostgres database in the vCSA!
  • It’s worth noting that if VMware Update Manager is installed on the same server as the Windows vCenter Server 5.5, it will need to be moved to an external server prior to starting the migration process.
  • VMware and 3rd party extension registrations are migrated, but may need to be re-registered.
  • vCenter Server 5.5 both Simple and Custom deployment types are supported.
  • Configuration, inventory, and alarm data will be migrated automatically, historical and performance data (stats, tasks, events) is optional.
  • If the source was a Simple vCenter Server 5.5 install (so SSO + vCS) then it will be migrated to a vCSA with embedded PSC.
  • If the source was a Custom vCenter Server 5.5 install (so separate SSO and vCS) then it will be migrated to a vCSA with external PSC.

Somethings that are worth mentioning prior to starting a migration are:

  • It preserves the personality of the Windows vCenter Server which includes but not limited to IP Address, FQDN, UUID, Certificates, MoRef IDs.
  • Changing of your deployment topology during the migration process is not allowed. For example, if your vSphere 5.5 Windows vCenter was deployed using the Simple deployment option, then your Windows vCenter Server 5.5 will become an embedded vCenter Server Appliance 6.0.
  • During the migration process the source Windows vCenter Server will be shutdown, plan accordingly for downtime.
  • The migration tool will also be performing an upgrade, standard compatibility and interoperability checks will still apply. Please use the interoperability matrix to make sure all VMware solutions are compatible with vSphere 6.0. Also talk to your 3rd solution vendors to make sure those solutions are also compatible with vSphere 6.0.

 

The only annoying thing is that because I’ve used the fling previously to convert all my Windows vCenter Servers, I now don’t have anything I can test this migration tool on!! >_<”

I’m currently in the process of digging out an old vCenter Server 5.5 ISO so that I can deploy it and upgrade it using the new release!

 

Anyways, those of you who haven’t yet upgraded to vCenter Server 6.0 and to an appliance, now there’s no reason why you can’t as you have a fully supported tool from VMware!

Best of all, they’re in the process of improving the migration tool so that it can be used to migrate from a Windows vCenter Server 6.0 install to a vCenter Server Appliance 6.0. One feature I hope they will also include is the ability to migrate from an existing vCSA to another vCSA.

vCenter Server 6.0 Update 2m links:

 

vCenter Server Appliance – filesystem out of space

So it’s all happening this week with this upgrade/clean up of the MTI solution centre!! =)

Upon finishing all the upgrades and reconfiguring vSphere Replication and Site Recovery Manager, I noticed the DR vCSA was a bit unresponsive…. taking ages to log into Web Client (sometimes it didn’t even get that far) – signing into the VAMI, I noticed that there was a critical error regarding the log file.

vcsa01

If you weren’t aware, one of the changes to vCSA with 6.0 was the deployment of 11 VMDKs with the appliance, one for each component service of vCenter. In previous versions there were only 2 virtual disks and this proved problematic when trying to increase disk capacity for particular components of vCenter Server (ie if you only wanted to increase the log directory).

As the vCSA was running in a demo environment, I decided to only do a ‘Tiny’ install – and it turns out that vCSA just ran out of capacity for logging – a quick jump onto the console proved this to be true:

vcsa02

The following VMware KB provides details into the 11 VMDKs and what mount points are attached to each vdisk: https://kb.vmware.com/kb/2126276.

vcsa04

I followed the instructions to increase the capacity of the log vdisk (VMDK5) and then gave the vCSA a reboot…..

vcsa03

The vCSA is now healthy and back to normal. =)

As a footnote, here’s a VMware KB that explains how to increase he maximum backup size and index of the vCSA to try and resolve he issue of the log directory fill up: https://kb.vmware.com/kb/2143565

Cannot connect to vCenter Server via vSphere Client – timeout

I’ve been upgrading my company’s solution centre to vSphere/vCenter 6.0 update 2 the past week and noticed that I was having issues logging into the vCenter Server Appliances I had deployed.

It was a strange issue because I could log into the Windows vCenter Server I had deployed in my primary cluster, but couldn’t log into the vCenter Server Appliance I had deployed in my secondary cluster….. hmmm…. Web Client worked fine for both, but it was the vSphere C# client that was timing out for the vCSA!

vc01.jpg

After much head scratching and trawlling through logs (Found at C:\Users\username\AppData\Local\VMware\vpx\viclient-x-0000.log), it turns out the problem is with the default time out value of the vSphere client for authentication.

The default timeout value is 30 seconds, and my suspicion is that the vCSA was taking slightly longer to respond to authentication…. changed the value to 60 seconds and it all worked fine!

Fire up vSphere Client and connect to another vCenter Server or ESXi host, then click Edit->Client Settings. Change the Client-Server Command Timeout value to Use a custom value and the Timeout in seconds to 60.

vc02

Here’s the VMware KB article about timeout values: https://kb.vmware.com/kb/2072539, there’s also instructions on how to edit the Windows registry if you can’t bring up vSphere client.

Just for the sake of it, here’s the error log:

[viclient:Error :P: 3] 2016-09-06 10:12:35.520 RMI Error Vmomi.SessionManager.Login - 4
<Error type="VirtualInfrastructure.Exceptions.RequestTimedOut">
 <Message>The request failed because the remote server 'xxxxx' took too long to respond. (The command has timed out as the remote server is taking too long to respond.)</Message>
 <InnerException type="System.Net.WebException">
 <Message>The command has timed out as the remote server is taking too long to respond.</Message>
 <Status>Timeout</Status>
 </InnerException>
 <Title>Connection Error</Title>
 <InvocationInfo type="VirtualInfrastructure.MethodInvocationInfoImpl">
 <StackTrace type="System.Diagnostics.StackTrace">
 <FrameCount>17</FrameCount>
 </StackTrace>
 <MethodName>Vmomi.SessionManager.Login</MethodName>
 <Target type="ManagedObject">SessionManager:SessionManager [xxxxx]</Target>
 <Args>
 <item></item>
 <item></item>
 <item></item>
 </Args>
 </InvocationInfo>
 <WebExceptionStatus>Timeout</WebExceptionStatus>
 <SocketError>Success</SocketError>
</Error>
[viclient:Critical:M: 6] 2016-09-06 10:12:35.531 Connection State[xxxxx]: Disconnected
[viclient:SoapMsg :M: 6] 2016-09-06 10:12:35.532 Attempting graceful shutdown of service ...
[viclient:SoapMsg :M: 6] 2016-09-06 10:12:35.534 Pending Invocation Count: 0
[viclient:SoapMsg :M: 6] 2016-09-06 10:12:35.535 Graceful shutdown of service: Success
[ :Error :M: 6] 2016-09-06 10:12:35.543 Error occured during login
VirtualInfrastructure.Exceptions.LoginError: The server 'xxxxx' took too long to respond. (The command has timed out as the remote server is taking too long to respond.)
 at VirtualInfrastructure.LoginMain.Process(BackgroundWorker worker, DoWorkEventArgs e)
 at VirtualInfrastructure.LoginWorkerImpl.Worker_DoWork(Object sender, DoWorkEventArgs e)
...
 at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
 VirtualInfrastructure.Exceptions.RequestTimedOut: The request failed because the remote server 'xxxxx' took too long to respond. (The command has timed out as the remote server is taking too long to respond.)
 at VirtualInfrastructure.Soap.SoapServiceWrapper.DoInvokeSync(ManagedObject mo, MethodName methodName, Object[] parameters, Int32 timeoutSecs)
 at VirtualInfrastructure.Soap.SoapTransport.VirtualInfrastructure.Transport.InvokeMethod(ManagedObject mo, MethodName methodName, Object[] pars)
 at VirtualInfrastructure.ManagedObject.InvokeMethod(MethodName methodName, Object[] pars)
 at Vmomi.SessionManager.Login(String userName, String password, String locale)
 at VmomiSupport.VcServiceImpl.LoginNormally(LoginSpec loginSpec)
 at VmomiSupport.VcServiceImpl.Login(LoginSpec loginSpec)
 at VirtualInfrastructure.LoginMain.Process(BackgroundWorker worker, DoWorkEventArgs e)
 System.Net.WebException: The command has timed out as the remote server is taking too long to respond.

 --- End of inner exception stack trace ---

Modifying VMware Site Recovery Manager – Windows 2012 UAC error

I first came across this issue when helping a customer uninstall Site Recovery Manager last year and wanted to blog about it but because I was pretty busy it totally slipped my mind….. until today!! I’ve been cleaning up the Solution Centre at MTI and tried to uninstall SRM for a new build…. and came across the same Windows User Access Control error. =)

srm02

Turns out that in Windows 2012. even when you go into User Accounts to turn off the UAC, it doesn’t disable it.

srm01

There’s a Microsoft Technet article which explains how to edit the Windows Registry in order deactivate UAC.

  1. Go to Start > Run, type regedit and click OK. The Registry Editor window opens.
  2. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > policies > system.
  3. Right-click EnableLUA and select Modify.
  4. In the Edit DWORD window, change the Value data from 1 to 0.
  5. Restart the Windows machine and re-run the SRM uninstall program.

srm03

vmworld-2016

VMworld 2016 US – Day 2 General Session Overview

One of the issues with working and having a young family is you end up doing a full days work and going home to a baby who wants loads of attention who then doesn’t let you sleep because she’s teething….. Yup, the joys of being a parent…. but I wouldn’t give it up for anything!!

So this blog comes a few days late because I didn’t have much time to finish watching the replay of Tuesday General Session and write a blog due to already mentioned circumstances. =)

Tuesdays’ General Session replay is now available here:

So Monday was all about the transformation of the data centre, making it cloud friendly and able to support workloads wherever they’re deployed (so Any Cloud).

Tuesdays’ session was more around the End Users experience, Any Application on Any Device and I have to admit that I thought Sanjay Poonen’s demo of Workspace ONE was pretty awesome – I’ve not seen a full demo of the products capabilities but I was struck by how much you could do with the suite of products and how integrated it all was – Infrastructure, VDI, Mobile Device Management, Identity Management, Security…… Control yet Choice!!

We’ve all seen the demos of AirWatch integration, how single sign on has been implemented, we’ve seen the demos of Horizon View on tablets, etc…. what I’ve not seen before was how security could be implemented to prevent unauthorised data being published…. like the conditional-access demo of how financial data taken from a spreadsheet in Office 365 was blocked from being copied into Twitter (which was an unmanaged application). What was even more impressive was the NSX integration to use conditional-access policies (ie changes to firewall rules for a particular group of people) to prevent data being presented in a dashboard depending on whether the user is accessing it inside the corporate firewall or externally.

And I was impressed with the VMware Trustpoint demo of endpoint visibility and management, looked very simple to use to implement endpoint security.

Finally, VMware introduced a brand new technology that represents the next phase of their digital workspace vision – VMware Unified Endpoint Management (UEM) – a new architecture that brings app, desktop and mobile management together with next-gen security and identity interwoven throughout, delivering a simpler but more secure digital workspace!

 

Next up was Ray O’Farrell and Kit Colbert to talk about containers…. and how admins can extend management, monitoring and security to containers. It looks like VMware vSphere Integrated Containers will have 2 new features:

  • Admiral – which is a Container Management Portal to allow developers and app teams to manage their repositories and images.
  • Harbor – which is a Container Registry (based on Docker Distribution) which allows developers and app teams to securely store their images including management and access control.

The demo was interesting as it showed the integration between VIC and NSX and how network security can be applied to containers, as well as the integration between VIC and vROps for monitoring of containers. The demo went one step further and showed how vRA was used to automate the deployment of container hosts as well as showing access to the Container Management Portal.

There wasn’t much on Photon Platform that we didn’t already know – VIC allows IT to extend the existing infrastructure to accommodate container-based applications alongside traditional apps, and Photon Platform allows IT to build a complete computing platform solely for containers and cloud-native apps.

 

Next up was the new GM/EVP of Networking and Security to talk about NSX. If I’m honest, I found Rajiv Ramaswami a bit wooden – far different from the charisma of Matin Casado…. which is a shame as the one product everyone should get excited about this year is NSX! I have to agree with Rajiv when he says that “the single greatest infrastructure transformation he has seen” is with Network Virtualisation. Networking is undergoing a huge transformation with vendors and customers looking at transitioning from hardware-centric to software based solutions.

Not much was said about NSX that we didn’t already know….

  • Security – it does Micro-segmentation to allow you to provide fine-grained security to every VM and helps you architect security as an essential part of the data centre
  • Automation – it allows you to automate workload provisioning and cuts down deployment time because network and security can be quickly provisioned in software and attached to VMs (policy-based management)
  • Application Continuity – it enables your applications and data to reside and be accessible anywhere. In addition it can reduce your RTO when integrated into your Disaster Recovery solution.

One thing that was new was the demo of vRealize Network Insight used to create NSX pre-assessment reports. Those of you following the news will know that this has come about from the acquisition of Arkin a few months back. I’ve had a play with the Arkin tool as the VMware NSX SEs in the UK were recommending it as a Network Assessment tool for partners to use when trying to sell NSX (prior to the acquisition and release of vRNI). I really like how it graphs traffic flow and patterns, tracing network traffic between VMs and giving you deeper insight into what goes on inside your virtual environment (ie the East-West traffic flows). The other clever thing is how it is able to carry out flow analytics to provide recommendations for grouping VMs together when planning for micro-segmentation. The only issue is it needs vSphere Distributed Switches!

I quite liked the NSX Planning tool tech preview – how flows can be captured, then analysed and grouped into traffic patterns and security groups. The application map can then be used to create firewall rules based on what the tool discovered. Very clever stuff!

 

 

Finally Yangbing Li talked about Hyper Converged Infrastructure and VSAN. VSAN has come a long way since its launch a few years ago, and I see it as an enterprise-ready storage offering! HCI is a very hot topic this year, customers are now looking at HCI solutions when it comes to new projects or hardware refreshes. Hardware vendors are aware of this and there are so many different types of HCI solutions in the market today! I’ve been involved in a number of discussions with my customers around HCI and EMC/VCE VxRail in particular!

A couple of new features were introduced during the VSAN demo: software-based Encryption and Analytics. The VSAN demo with vRA showed how the performance analytics engine could pro-actively inform users that a VM should be migrated from a VSAN hybrid cluster to an all-flash cluster, and through changing the storage policy in vRA the VM was automatically migrated (in the demos case, the VM was migrated to a public cloud!). What this also underlined was how NSX was also involved in moving the network and security policies as the VM was migrated to the public cloud (although you didn’t see it in the demo). So not only did the demo show the analytics engine working, it also showed how the VMware Cloud Foundation platform could be used.

 

I don’t know if it’s just me, but it seems that everything mentioned during the two keynote sessions always reverted back to network and security, it felt that NSX was underpinning everything (Cross-Cloud Services, Workspace ONE, containers, etc). VMware are putting a lot of emphasis on Cross-Cloud capabilities and how data management and governance will play a key part of cloud consumption. I guess the VMware vision of Any Device, Any Application, Any Cloud really does require something that can govern where data sits and how it’s being consumed!

VMware NSX 6.2.4 released

So after the huge cock-up with 6.2.3, VMware have turned around a new version of NSX in a matter of weeks to fix all the bugs!

http://blogs.vmware.com/kb/2016/08/vmware-nsx-vsphere-6-2-4-now-available.html

Of major concern was the whole HA issue that meant DLR nodes got stuck in a ‘split-brain’ mode after 24 days of operations – and every 24 days after that! It also didn’t help that the previous version was causing VMs to lose network connectivity if the pMAC of the DLR was the MAC address in the default gateway.

Anyways, hopefully all the bugs have been ironed out and the new release is more stable!

Release Notes can be found here.

For some of my customers, the release of 6.2.4 brings back the vShield Endpoint management support which is great given vCNS and vShield Manager is going end of general support on the 19th Sept!

For more info about this, read my previous blog entry: NSX 6.2.3 Released – support for vShield Endpoint Management

vmworld-2016

VMworld 2016 US – Day 1 General Session Overview

So the replay of yesterdays Day 1 General Session is now online:

The biggest announcement is the tech preview of Cross-Cloud Architecture. This is obviously VMware’s next step in their “Any Cloud, Any Application, Any Device” vision.

According to VMware:
“This architecture extends VMware’s hybrid cloud strategy, enabling customers to run, manage, connect and secure their applications across clouds and devices in a common operating environment. VMware Cross-Cloud Architecture is delivered through VMware Cloud Foundation, a new set of Cross-Cloud Services VMware is developing, and VMware vRealize Cloud Management Platform.”

This new architecture gives customers a set of tools to manage their virtual estate both on-premise and off-premise across multiple clouds – a single pane of glass to manage VMs on the likes of AWS, Azure, Google, as well as vSphere clouds.

Most customers already utilise multiple clouds (unbeknownst to IT) and this new architecture will enable IT to resume control of what is out in the cloud – allowing network and security policies to be applied to workloads being deployed in the cloud. In addition to allowing migration between clouds!

Much like how vSphere ESXi was used to allow you to span multiple server hardware vendors (HP, Dell, IBM), and how NSX allows you to span multiple network hardware vendors (Cisco, Arista, Brocade), VMware Cross-Cloud Services will offer a common platform to overlay your cloud vendors to offer you the ability to deploy your applications across clouds without having to mess around with the underlying cloud services (which are inherently different depending on cloud vendor)!

VMware Cross-Cloud Services will centralize management, operations, networking, security and data management.

Cross-CloudServices

It looks like the common Network & Security piece will be handled by NSX – which will include a forthcoming feature called Distributed Network Encryption (DNE).

The Management and Visibility piece will be SaaS based (a cloud service) and allows you to connect your existing public cloud accounts to ingest those workloads into the management platform, it will then show you cost and utilisation across your clouds and allow you to deploy applications across clouds.

The other major announcement was the new VMware Cloud Foundation offering which basically bundles vSphere, VSAN and NSX into a single, fully integrated, SDDC stack that can be provisioned on premise or be run as a service in the cloud.

To quote VMware:
“VMware Cloud Foundation is a next-generation hyper-converged infrastructure for building private clouds that for the first time combines VMware’s highly scalable hyper-converged software (VMware vSphere and VMware Virtual SAN) with the world’s leading network virtualization platform, NSX. Cloud Foundation provides a consistent multi-cloud IaaS that is simple to deploy, operate, and maintain, and gives applications a consistent, scalable and highly available infrastructure services, regardless of where they run”

“The goal of Cloud Foundation is to be able to provision cloud infrastructure like you provision VMs.”

CloudFoundation

In addition to this announcement was the partnership with IBM Cloud to offer VMware Cloud Foundation as a service.

The key to the Cloud Foundation is the SDDC Manager which will be the tool for IT admins to build and maintain their cloud (making use of a lot automation policies to build the cloud and deploy workloads)

Other announcements include vCloud Availability for vCloud Director, which enables customers to leverage the vCloud Air Network ecosystem (ie VMware Partner cloud solutions) for simple, automated disaster recovery as a service (DRaaS) – much like the offering from vCloud Air DR.

VMware vCloud Air Hybrid Cloud Manager has added several major enhancements, including zero-downtime, bi-directional application migrations in and out of vCloud Air. This includes the migration of NSX security policies, providing simple migration of workloads to vCloud Air with no need for any network or security reconfiguration once the migration completes.

 

It seems that the main takeaway from yesterdays general session was that now it’s time to take back control of your cloud.

Schedule Builder now live for VMworld 2016 Europe

Schedule Builder is now live for VMworld 2016 Europe….

http://www.vmworld.com/en/europe/learning/schedule-builder.html

I’ve been checking out the content catalog for a few weeks now to try and plan my time at VMworld Europe in October.

Previous years I’ve been quite mad, dashing around to as many sessions as possible, which has been quite tiring! This year I’m planning to focus my sessions around What’s new with vSphere, NSX and VSAN. I’m also planning to spend a lot more time in the Solutions Exchange speaking to vendors who we partner with at MTI!

Anyways, if you haven’t already started scheduling your sessions then hurry up! All the good ones tend to get full very quick!

Roll on VMworld US (next week).

As a footnote – have you signed up for the live stream of the General Sessions at VMworld US?!?
http://www.vmworld.com/en/us/learning/general-sessions.html

VMware VSAN & NSX vExperts 2016 Announced

Proud to say that I’ve been chosen as a VSAN vExpert for 2016…. Honoured to have my name amongst some highly rated peers who were chosen out of the large pool of current vExperts!

I didn’t really set out to become a subject matter expert, but when VMware announced they were going to create 2 new subject tracks this year (NSX & VSAN), I thought I’d stick my name into the hat….. =)

Didn’t quite get there for the NSX track, only because I hadn’t really blogged about NSX much – which is funny considering my company is actually one of 5 focused NSX partners in UK&I…. =)

Anyways, congrats to everyone who was chosen to become a VSAN or NSX vExpert!

https://blogs.vmware.com/virtualblocks/2016/08/18/announcing-vsan-vexperts/

http://blogs.vmware.com/vmtn/2016/08/vexpert-nsx-2016-award-announcement.html

 

Roll on VMworld!! =)

NSX 6.2.3 pulled by VMware

Hmm…. well that was unfortunate timing….. I’ve been penning the last blog post for the past 2 weeks after I downloaded 6.2.3 and played around with it…. and I didn’t really double check my blog post before publishing it.

Turns out there are quite a number of bugs in 6.2.3 which was causing loss of connectivity to VMs and also issues applying DFW rules using Security Groups…. so VMware pulled the distribution last Friday!

TBH, I didn’t really encounter any issues during my deployment – probably because it’s in a lab/demo environment with not much going on. =)

Anyways, 6.2.2 is the now the latest version available for download. Only issue is I don’t think it supports vShield Endpoint/NSX Guest Introspection….. so at present vCNS 5.5.x is still required!

More info on why 6.2.3 was pulled can be found here: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html