VMworld 2017 Day Three

Phew, VMworld 2017 Day Three… The best way to describe VMworld is as a triathlon: you easily walk more than 10K+, you try to soak up all the knowledge, and finally you party hard at all the available appreciation parties! But it’s all worth it! Meeting up with community people from all over the world and sharing knowledge is something really cool. If you haven’t attended VMworld before, it is definitely something I would advise you to put on your “To Do” list for 2018.
 


VMware also announced plans to deprecate vCenter Server for Windows and the Flash-based vSphere Web Client with the next major release (not update release) of vSphere. I can’t say that I’m sad to see the Flash-based vSphere Web Client go… Mind you, that is completely my personal opinion, but I don’t think I’m the only one happy with this news 😉.

Finally, I’ve gathered the announcements made on the third day, which you can find below.

  • Introducing VMware Skyline
  • How VMware AppDefense Enhances Security Across Clouds
  • Harnessing the Benefits of Network Virtualization With VMware NSX
  • VMware Delivers Industry-First Unified End User Experience, Management and Security Solution for All Endpoint Platforms

    VMworld 2017 Day Two

    VMworld 2017 Day Two continues at full speed and I’m trying to go to as many of the outstanding sessions as I can. But unfortunately there are only 24 hours in a day. I can’t wait for all the sessions to come online and watch them all!


    Somehow it’s always Tuesday that is the busiest day and, funnily enough, also the day with the best parties. I was able to attend the Rubrik party at the Marquee Nightclub and it was a good party. My props to the Rubrik party planner.

    Another thing I did today was participate in a VMware Cloud on AWS design session, which was an awesome thing to do! If you are going to VMworld Barcelona and you haven’t signed up for it yet, do it here: Become Design Partner VMware Cloud on AWS. It will give you the opportunity to provide feedback on advanced topics to the VMware Cloud on AWS Design Team.

    Finally I’ve gathered some of the announcements made on the second day, which you can find below.

  • General Sessions Day Two – VMworld US
  • VMware AppDefense: Transforming Security in Virtualized and Cloud Environments
  • VMware, Pivotal and Google Cloud Collaborate to Unveil New Kubernetes-based Container Service – Pivotal Container Service (PKS)
  • Introducing New Digital Workspace Innovations

    VMworld NSX Announcements

    It’s that time of the year again, it is time for VMworld!
    And it’s going to be something special again this year, especially for everything Network Virtualization related. Everyone did their best to not spill the beans on all new nifty features that will be announced during this VMworld.
     

    What will be announced at VMworld 2017

    Some of the NSX related announcements that will be made are:

  • NSX-T 2.0
  • VMware Cloud Services Secure Networking
  • VMware Cloud on AWS
  • VMware AppDefense (previously known as Project Goldilocks)
  • vRealize Network Insight 3.5

    What’s new with NSX-T 2.0

    In case you missed the initial announcement of NSX-T you can read it here or register for session NET1510BU.

    Some of the new features of NSX-T 2.0 are:

  • Multi Domain Networking
  • Automation with OpenStack
  • CNI Integration for Kubernetes
  • Improvements of On-Prem deployments
  • Support for Multi Off Site Clouds


    VMware Cloud on AWS

    VMware Cloud on AWS is a jointly engineered VMware service and a one-stop shop for customers.


    This Service includes the following:

  • VMware SDDC running on AWS bare metal
  • Sold, operated and supported by VMware
  • Support for containers and VMs
  • On-Demand capacity & flexible consumption
  • Full operational consistency with On-Prem SDDC
  • Seamless workload portability

    NSX Vision

    The image below gives you a glimpse into what the Network Security Business Unit (NSBU) has in store for NSX.
     

    NSX Vision
     

    AppDefense

    AppDefense will be one of the biggest announcements on the first day of VMworld. So what is AppDefense, you ask? Well, in short, AppDefense provides an intent-based security capability that is able to detect and block potentially malicious actions and applications. The AppDefense system understands and learns what a known good process is and is also able to determine when the runtime behavior of an application deviates from its intended state. In other words, AppDefense was the missing link to provide Enterprise Security.

    Some of the features of AppDefense are:

  • Application Control
    • Comprehensive view/grouping of VMs in the datacenter
  • Runtime Anomaly Detection and Response
    • Monitor the real time state of the OS and user Applications
    • Alert and control process, network, and kernel events
  • Process Analysis
    • Built-in Process analysis engine gives overall process maliciousness as well as specific traits that are potentially suspicious
  • Orchestrate Remediation
    • Our infrastructure reach provides a more effective way to orchestrate remediation during a security incident
  • AppDefense will be (initially) deployed as a SaaS service. This could be quite beneficial due to the amount of information gathered by other customers. A proxy will be deployed on-premises to gather the information.
     

    What’s next?

    Like I described in an earlier blog post on the ITQ website, my main focus this year will be VMware Cloud on AWS and NSX. So please keep an eye on this site and get all the latest information on these topics.


    Limit the number of VTEPs for NSX

    Everyone who has deployed NSX for vSphere must have configured the VXLAN Transport Parameters.


    Nothing really fancy about this and pretty straightforward. But what if you want to limit the number of VTEPs for NSX due to a specific requirement of the deployment? The number of VTEPs is not editable in the UI, as described in the NSX documentation:

    The number of VTEPs is not editable in the UI. The VTEP number is set to match the number of dvUplinks on the vSphere Distributed Switch being prepared.

    So when you configure the VXLAN Transport Parameters for a host that is connected to a vSphere Distributed Switch (vDS) with 6 dvUplinks it will automatically create 6 VMkernel interfaces.

    But but… (due to questionable requirements) we need only 2 VMkernel interfaces on a vDS with 6 dvUplinks. How can we solve this? Well, fire up your PowerNSX.
     

    Limit the number of VTEPs for NSX with PowerNSX

    Not familiar with PowerNSX? Well, you should be. PowerNSX is a PowerShell module that contains PowerShell functions that can call the VMware NSX for vSphere API. It will make your life so much easier and is almost indispensable when consistency and speed are key. Here you can find how to install PowerNSX and here you can find how to use PowerNSX.

    Please alter the script below to match your environment.

    After the script has run successfully, the result will be only 2 VMkernel interfaces instead of the “default” 6 VMkernel interfaces:

    VTEP-2

    Don’t forget to configure the uplink assignment on the VTEP portgroup afterwards: set the uplinks that carry the VTEP VLANs to “Active” and the rest to “Unused”.

    Thanks to Alexander Ries for helping with the script.


    VMworld Barcelona 2017

    While I was sitting on my couch browsing through emails on my phone, it suddenly went *DING* and a new email appeared with the subject “VMworld Blogger Pass, Barcelona – YOU’RE GOING!”
    Wait… What?? Woohoo! VMworld Barcelona 2017 here I come!
     


    This is the first time I’m selected to receive a VMworld Blogger Pass by the vExpert Team and I’m truly grateful for this opportunity.

    While the VMware Blogger Pass covers the full conference pass, it doesn’t cover the other expenses such as flights and hotels. Luckily for me, my employer ITQ sees VMworld as an opportunity to attend and share interactive sessions and group discussions with peers from the IT world.

    But if you still need a good justification for your boss to go, read this article from Fabian Lenz called “Why VMworld 2017” that contains some good reasons to convince your boss. Or even better, download the “Convince Your Manager” letter from the VMworld site!

    Some handy links for VMworld:

    I hope to see you in Barcelona to chat about whatever (even non-VMware related stuff 😉 ), just say hi if you see me or hit me up on twitter @vMBaggum.

    Adiós y hasta pronto!


    Change the vmnic order on vSphere 6.x

    There is always one ESXi host who thinks he’s special and therefore has a different configuration than its siblings. This week it was a brand spanking new UCS blade server that didn’t want to play nice and the result was a different vmnic order.

    I’ve done this fix several times before with the older versions (< v5.5) of vSphere, but now it was vSphere 6.0, so KB article 2019871, which describes how to do this up to version 5.1, did not apply any more. But all the way at the bottom there is a link to KB article 2091560 that describes how to do this with vSphere 6.x!

    How to change the vmnic order

    Log on to your “special” ESXi host with your favorite SSH client.

    Run the following command to see the current assignment of aliases to device locations:

    The output will look as follows:

    Then to reassign an alias run the following command:

    For example, if you want to swap vmnic3 and vmnic4 use the following commands:

    After you have reassigned the aliases, perform a clean reboot of the ESXi host and you’re done!


    NSX IPv6 Support

    This week I got some good questions from a customer about NSX, especially on NSX IPv6 support.
     

    And I knew which features are not supported:

  • Distributed logical router: The DLR does not support IPv6 forwarding / routing.
  • Dynamic routing (OSPF, BGP): Only IPv6 static routes are supported on the Edge Services Gateway.
  • NAT, SLAAC and DHCPv6 on NSX Edge: The workloads should use static IPv6 address allocation.
    But I couldn’t immediately answer the question of which components of NSX support which connectivity, like IPv4, IPv6 or dual stack. To make things worse, the NSX 6.2 Documentation Center does not contain a lot of information about the IPv6 support… Luckily for me (and the customer) some insiders provided me with the necessary information and I would like to share this with you.
     

    Detailed NSX IPv6 Support

    | Component      | Feature             | Support¹       | Notes |
    |----------------|---------------------|----------------|-------|
    | VM Addressing  | Guest VM Addressing | IPv4, IPv6, DS | VXLAN encap packets are capable of carrying IPv6 payload. VMs can have only IPv6 static addresses. SLAAC (RA) and DHCPv6 (relay and server) are not supported. |
    |                | VXLAN Transport     | IPv4           |       |
    | NSX Manager    | NSX Manager IP      | IPv4, IPv6, DS |       |
    | NSX Controller | Management IP       | IPv4           |       |


    Configure vSAN with iSCSI based disks

    Every time I needed to test something on vSAN in my vLab, I had to spin up some dusty nested ESXi nodes because I don’t have the proper disks in my test NUCs. But now thanks to William Lam I found a way to allow vSAN to claim iSCSI disks and let them contribute to the vSAN Disk Group! This way I can leave the nested ESXi nodes powered off and very easily test disk and host failures and play around with the Ruby vSphere Console (RVC).

    Below you will see a 3 node NUC cluster without any local storage running vSAN! Pretty cool stuff!
     

    Configure vSAN
     

    I really hope that I don’t have to explain this, but then again better safe than sorry. 🙂

    Disclaimer !! This is officially not supported by VMware, please do not use this for production or evaluation.

    Now that’s out of the way let’s get started.
     

    Configure vSAN with iSCSI disks

    Before you continue, present the iSCSI LUNs to your ESXi hosts. Do not share the LUNs across the ESXi hosts; present a dedicated set of LUNs for vSAN to each ESXi host.

    Open the vSphere Web Client and mark one of the presented iSCSI LUNs as a Flash device.
    Click on Hosts and Clusters -> Select a Host -> Configure -> Storage Devices -> Select the iSCSI LUN to be marked as SSD -> All Actions -> Mark as Flash Disk.

    And voilà! The disk device is now marked as a Flash Disk instead of a Hard Disk.

    Repeat the last step for all your ESXi hosts contributing storage to the vSAN Disk Group!

    The next step is to SSH to your ESXi host and run the following command to allow iSCSI disks to be claimed by vSAN.


    How to configure vCenter 6.5 as a Subordinate CA

    After getting super annoyed with clicking “Advanced” and then “Proceed to vCenter (unsafe)” every single time I needed to go to the vSphere Web Client it was time for me to solve this once and for all.

     
    Let’s get started!

    Pre-requisites

  • Configured Microsoft CA (link)
  • vSphere and vCenter Certificate Templates (link)

    Generate Certificate Signing Request (CSR)

    SSH to your vCenter Server when using vCenter with the embedded Platform Services Controller (PSC), or SSH to the PSC when using an external PSC.

    Enable the BASH shell and set it to the default shell (link).

    Run /usr/lib/vmware-vmca/bin/certificate-manager and select option 2.
