VMware VCP 5.5 Delta Exam (#VCP550D) Passed!

So having spent weeks months procrastinating, I finally got round to studying for my VCP 5.5 delta exam (VCP550D) and actually breezed the exam on Monday (think I scored 430 or something) – which is great as it means I’m safe for another 2 years! =)

Self-studying for exams can be quite daunting as you never know if you’re covering the right material. Having obtained my VCP5 back in 2012, I had to think carefully what the exam would contain. The blueprint to the delta exam wasn’t exactly helpful as it just looks like the VCP5.5 exam blueprint…. Plus from what a lot of people were saying online, it seemed that the majority of the exam would actually be on the new stuff!

I practically read through a heck of a lot of technical white papers over the weekend and played around with web client in order to understand how to navigate through it.
So when it came to sitting the exam on Monday, I was quietly confident that I knew enough to pass…….

Much to my surprise, my exam was just crammed full of ‘support and administration’ type questions….. I think I got about 2-3 questions on SSO, 2-3 questions on vSAN, 1 question on vFRC and quite a few (4-5) on vSOM and vDP. The rest were pretty much generic VCP exam questions – I was a little disappointed given how much I had read up on all the new stuff!! Anyways, a pass is a pass, can’t complain!

Now that I’ve passed the delta exam, I thought I’d share some of the material that I had used to study – hopefully it’ll help other people out!

What’s New in vSphere 5.5 – Platform – this was a very helpful document that explains everything new in vSphere 5.5…. whilst it doesn’t go into great detail, it does help you structure your learning by giving you topics to go off and research on!

vSphere Pricing – definitely worth understanding what each version looks like and what features are available on each version of vSphere.

vCenter Server 5.5 Deployment Guide – helps you to understand how to install vCenter Server (especially the installation process). If you don’t do this regularly then make sure you read this!
It’s good to gain an understanding of SSO and how it’s different in 5.5…. so worth reading the SSO FAQ as well as the installation process.

Virtual SAN:
The two biggest names in the community with regards to VSAN is Duncan Epping and Cormac Hogan… so there’s no better way of learning about it than to visit their blogs!
I pretty much sat through a whole evening reading up on VSAN, and I must say their blogs made far easier reading than the VMware documentation! =)
(Focus on VSAN architecture, how it’s deployed and the failure tolerance aspects)

http://www.yellow-bricks.com/virtual-san/
http://cormachogan.com/vsan/

Other docs read:
VSAN Design and Sizing Guide
VSAN What’s New

vFlash Read Cache:
vFRC white paper – good overview on what vFRC is and also how it is used.
I would also recommend you reading Duncan’s article as he gives a decent overview of the feature!

Other docs read:
vFlash Read Cache FAQ

vRealize Operations (or Ops Mgr/vSOM):
I’m fortunate enough to have deployed vRO loads of times during the vSphere Optimization Assessments that I run for my customers. As such I’m quite clued up around vRO so didn’t really read any white papers on the product. It is definitely worth having a demo environment to play around with. Read up on the badges, what they mean and what type of reports can be run.

App HA:
I didn’t get any questions on AppHA, but I did read up on the subject given it’s a new feature. I found Vladan’s overview quite useful. I also read through the Users Guide to understand how it is deployed and configured.

VDP:
Again, because I’ve deployed this quite a number of times I didn’t need to read up on it. However it’s worth referring to the white paper on VDP.

Finally, because it’s an online exam I found it useful to have my demo environment up and running (so Web Client open and vCOPs open) as it did help me answer some questions.

Anyways, best of luck….. the delta exam will be withdrawn on the 30th November 2014, so only 2.5 weeks left!! Stop procrastinating and take the exam!

EDIT: The Delta Exam deadline has been extended to 10th March 2015…. get learning! =)

VMworld Europe 2014 – Day 3 round up

Well I was planning on posting this on Thursday night, but after the flight back to Gatwick, the drive home and the unpacking, I was just too knackered to sit in front of my laptop and write a blog entry…… yesterday I got bogged down with sorting out some stuff for work which means I’m posting this update 2 days late…

So the final day of VMworld is usually a very hard slog…. not only is everyone recovering from the aftermath of the VMworld party the night before, but they’re also suffering from the effects of lack of sleep, too much booze and an overload of information from the previous breakout sessions! =)
And with that in mind I decided to schedule 5 session to attend on day 3…. clever eh?
-_-”

MGT1918 – Extending vCOPs Capabilities using Hyperic

Now for some reason I can’t find the photos I took of the slides during this session, I think I may have inadvertently deleted them off my camera…. =(
The session focused on using the Hyperic agents to help extend the functionalities of vCenter Operations Manager (or vRealize Operations). Hyperic is agent-based and so doesn’t care if it is deployed on a physical server or a VM – it integrates with the OS and auto-discovers the system resources, processes and services, and can even discover applications and their dependencies.

The session demo’d quite a few plugins (MSSQL, SAP), the one that caught my eye was the Microsoft Exchange Plugin and showed how the Exchange environment was auto-discovered and how it was viewed within the vCOPs dashboard.
It’s an “out-of-the-box” plugin that auto-discovers mailboxes, CAS components, DAGs, etc….. and for each component it has custom health definitions to provide clear understanding of the Exchange environment.

SDDC1337 – Technical Deep Dive on EVO:RAIL

So this was the 2nd topic I was looking forward to (the 1st was VVOLs on Day 2) and I actually decided to choose this session over the annual Chad & Vaughn double act (STO2496) that was happening at the same time!! =(

Thankfully I wasn’t disappointed! We had key engineers from Project MARVIN (Modular Automated Rackable Virtual Infrastructure Node) give us a deep dive on how the project came about and show us the 8-9 months lifecycle from design to the EVO:RAIL solution.

So what is EVO:RAIL? Well it’s the worlds’ first VMware-integrated hyper-converged infrastructure solution. The engineers primarily set out to create a solution that would be simple to deploy, simple to configure and simple the manage…. and they’ve achieved their goals!
Once you’ve finished racking and cabling the appliance, all you need to know is how IP addresses work, and you go from power on to a fully working VMware environment in 15mins!! O_o”
The GUI is amazingly simple and user-friendly and the demo of it actually deploying looks so easy that my 3 year old nephew (or 63 year old dad) could probably do it! (For the more techie guys, you can still get into the guts of vCenter so the underlaying software is still accessible).

In a nutshell, EVO:RAIL is a single SKU product that consists of a 2U high 4-node appliance with approximately 100GHz of compute, 768GB of memory and 14.4TB of raw storage (plus 1.6TB of flash capacity for IO acceleration). It can scale out up to 4 appliances and scaling out is as simple as connecting it in and letting the appliances auto-discover each other!
Underneath the hood, it consists of vSphere Enterprise Plus, vCenter Server Appliance, virtual SAN, Log Insight, and the EVO:RAIL Engine.
IMG_0193

The recommended maximum of VMs on a single appliance is around 100 VMs or 250 VDIs.

Unfortunately due to scheduling constraints, I didn’t have time to get to play with an EVO:RAIL appliance…. I would have loved to take up the EVO:RAIL challenge that was going on in the hang space!

TEX2692 – How to Deliver Actionable Recommendations for Alerts with vCOPs

One of the new features of the forth-coming vCOPs 6.0 is the ability to create actionable recommendations to events triggered within vCOPs. You basically use adapters to capture metrics as well as trigger actions for remediation.

It was quite a technical session, delving into how you would create XML files and workflows within vCO to help implement recommendations to an alert generated by vCOPs.
TBH, it was too much depth for me and I should have really looked at one of the other vRealize Operations sessions instead.

INF1502 – What’s New in vSphere?

Alot was discussed around what features were in vSphere 5.5u2 and vCD 5.5u2, the new vSphere for ROBO SKUs and of course the vSphere 6.0 beta program.
IMG_0223

I’ve already highlighted some of the main talking points of vSphere 6.0:

  • vMotion Across vCenter Servers – builds on the ‘share-nothing’ principle already seen in Storage vMotion.
  • Long Distance vMotion – cross-continental deployments (UK->Paris/Munich) as long as the Round Trip Time (RTT) is less than 100ms. This would obviously help with migrating between data centres across the other side of the country, maybe even help with “follow the sun” type migrations of business services!
  • Multi-vCPU Fault Tolerance – well, at least support for up to 4 vCPUs to start with! Seems they’re moving from the old ‘record/replay’ technology to ‘fast checkpointing’. I believe at present it will be limited to 8 vCPUs used per host for FT.
  • Content Library – providing storage for VM templates, ISOs and OVFs and allows publishing and versioning of the content.
  • Virtual Data Center – aggregating of resources to help automate policy-based provisioning.

SDDC2370 – VMware + OpenStack

This was an overview session (funnily the deep dive was scheduled before the overview session!), so it mainly discussed the interaction between VMware and OpenStack over the past few years. What they’ve contributed to the open source project and how they are enabling customers to adopt OpenStack.

It seems that in the market, not many people know what OpenStack is for and they were very quick to highlight that some C-level members assume that they can get rid of their virtualisation technology and simply drop in OpenStack. OpenStack is actually a framework for providing developers with APIs and tools that has to sit on top of a virtual infrastructure!
IMG_0241

OpenStack is an area I’m not very clued up on, and this session was more for me to understand what the VMware Integrated OpenStack (VIO) was about. The following slide shows how certain VMware products will integrate with OpenStack.
IMG_0247

 

So now that VMworld is over, I have to say that I’m happy that the two topics that I had earmarked to learn as much as I could on was fulfilled – the technical deep dives on VVOLs and EVO:RAIL were the two sessions I was looking forward to the most, and they didn’t disappoint!

The only criticism I have for VMworld – and it’s the same problem I experienced last year – was that the whole event is REALLY hard going for those who actually want to go to VMworld to LEARN!! If you pack your sessions full like I did, you’re pretty much running to each room due to over-running sessions and you’re also trying to find some time in between to nip to the toilet, to grab a coffee or drink, or even to grab lunch! I don’t think I ate a proper lunch on any of the days of the conference!

Then again, maybe it’s a ploy by VMware to try and get you to exercise and diet in order to rid yourself of the liquid-rich dinners!! ;oP

All in all, it was another great VMworld for me, I learnt loads and left feeling a lot more knowledgeable! =)

…… all I have to do now is download the stacks of presentations for the other breakout sessions that I couldn’t attend! >_<”

Note: If you’re UK based, then stay-tuned for the VMworld 2014 update session that I will be running alongside my MTI colleagues in the not-too-distant future!

vCenter Operations Manager – SSL Certificate issues

So during a recent deployment of vCenter Operations Manager (5.8.2) at a customer site I encountered the following error whilst trying to pair the vCOPs vApp to their vCenter Server.

vcops ssl cert

“Unable to get vCenter Server certificate chain”

This was the first time I had encountered this issue deploying vCOPs, fortunately given how much exposure I got to SSL certifications during a previous project I knew it could be down to one of 2 things….. either the SSL certificate had expired, or that it was not generated with the correct parameters.

Note: Quickest way to look at a vCenter Server’s SSL certificate is to just open a browser and point it at the vCenter’s IP address, then view the certificate…..
vcops ssl 1 vcops ssl 2
(Left – IE, Right – Chrome)

or if it’s a Windows deployment of vCenter 4.1 or later, you can find the certificate here: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt (Note that c:\ProgramData is a hidden folder!).

 

It seemed that the SSL certificate was valid (expiry date was 2022), however I noticed that the public key certificate was weak as the key length was only 512 bits!!
What had happened was a previous partner had upgraded them from VI3.5 to vSphere 4.0 to vSphere 5.0 and had forgotten to re-generate the SSL certificates!
Prior to vCenter Server 4.1, by default VMware self-signed their SSL certificates with a public key length of 512 bits! So when they upgraded they kept the same SSL certificates.

Post vCenter Server 4.1, if you installed from scratch the public key length is set to RSA 2048 bits by default.
vcops ssl 3
So because the public key length was only 512 bits, vCOPs could not authenticate the vCenter Servers’ certificate (I believe it has to be a minimum of 1024 bits)!
More info from VMware’s KB here: http://kb.vmware.com/kb/2037082 and Microsoft’s KB here: http://support.microsoft.com/kb/2661254

 

As it was a production environment and they couldn’t afford to regenerate their SSL certificates, I had to ‘inject’ the vCenter Server certificate into the vCOPs VMs keystores as follows:

  1. Copy the rui.crt file (the SSL certificate) on the vCenter Server into the tmp drive of the vCOPs UI VM. (This can be easily achieved using WinSCP).
  2. Login to the console of the UI VM as root.
  3. Change to the directory where the certificate keystore is located: /usr/lib/vmware-vcops/user/conf
  4. Issue this command to add the vCenter Server certificate to the certificate store: keytool -importcert -file /tmp/rui.crt -alias https://<VC FQDN or IP>/sdk -keystore truststore -storepass oxygen
  5. Issue this command to verify that the certificate is in the certificate store: keytool -list -keystore truststore -storepass oxygen
  6. Issue this command to copy the truststore file from the UI virtual machine and paste it to the Analytics virtual machine: scp truststore secondvm-external:/usr/lib/vmware-vcops/user/conf/
  7. Restart all services with the su – admin -c “vcops-admin restart” command, or reboot the vApp from the vCOPs admin page.

Once the SSL certificate was injected into the vCOPs VMs keystore it was plain sailing and we could continue with the setup wizard.

 

Ideally if you still have weak certificates in your environment, you should really be replacing them by generating new SSL certs! =)

Upgrading vCenter Operations Manager to 5.7

So….. the penultimate piece of upgrade work planned for the DR environment is the upgrade of vCenter Operations Manager from 5.6 to 5.7.

The great thing about vCOPs is the ease of upgrading the appliance. Simply navigate to the administration page (https://vcops-ip/admin) and browse to the upgrade zip bundle! =)

1. Navigate to the admin page of vCenter Operations Manager and click on the Update tab. Click Browse and locate the vCOPs zipped upgrade bundle.
vcops1

2. Wait for the file to unpack and upload.
vcops2

3. Click Update to start the update process.vcops3

4. Click OK to proceed with the update.
vcops4

5. Watch the update, or grab a cup of tea!
vcops5 vcops6

6. Once complete, reboot the appliance.
vcops7

7. You may find that the registration of vCOPs to the linked vCenter Server will require updating. To do this browse to the Registration tab and click Update under vCenter Server Registration.
vcops7a

8. Enter the vCenter Server details and click Test Connection. If successful, click Apply.
vcops8

9. Accept the security alert that moans about the SSL certificate not being trusted – this is the new SSL certificate that was generated when I upgraded my vCenter Server Appliance.
vcops9

10. Reboot the appliance and Bob’s your uncle….. it should be up and running the latest version!

 

Simples…… *squeak*