Tiny Core Linux VM 32 bit!

Just a quick post. A lot has already been written about the Tiny Core Linux VM, so I won’t repeat that.

This VM is ideal for testing purposes. For instance you are building environments based on nested ESXi hosts and you want a small VM for testing HA, network connectivity and so on.

In my case, there was only one small problem. Since vSphere 5.1, my hardware does not support running 64 bit VMs on nested ESXi hosts.

The resolution is easy, in fact this version of Tiny Core Linux is 32-bit. So after importing the .OVA, just edit the configuration. On the Options tab, change the Guest OS from “Other Linux (64-bit)” to “Other Linux (32-bit)”. That’s all.

Figure 1

Credits for the people at the Tiny Core Linux project and Iwan Rahabok for creating the .OVA. You can find it here.

vCenter Chargeback Manager – Part 3

This is the third part in a series of posts on the vCenter Chargeback Manager (vCCM, from now on). Part 1 was all about the installation of vCCM. In Part 2, the basic configuration was discussed. In this part, I will explain some of the philosophy behind the product, and start creating reports.

I suppose you have installed and configured vCCM without any problems? Did you add a vCenter server and the vCenter Chargeback Manager Data Collector is running? Fine.

By the way, these posts come from my study notes while preparing for my VCP5-IaaS certification and cover at least parts of Objective 1.1 – Install vCloud Components and Section 3 – Configure and Administer vCenter Chargeback.

A word about vCenter Chargeback Manager Users, roles and permissions.
After the installation of vCCM has finished, there is only one user, in my case I named the account “admin”. This first user has the role of Super User.  This role has all the privileges. vCCM provides a mechanism called resource-based authorization. As such vCCM works with; Resource types, Users and Groups, Roles and Permissions.
For the sake of simplicity, I will continue to work with my “admin” account.

Figure 1 – Users

Read the rest of this entry »

vCenter Chargeback Manager – Part 2

In the previous post, I have discussed the basic installation of vCenter Chargeback Manager (vCCM, from now on). In this post we will continue and show the basic configuration of the product.

I suppose you have installed vCCM without any problems and all services are running. vCCM has quite a number of services, which should  start automatically.

To log in to vCCM, you will need a supported browser, in my case IE 9 and Firefox worked well.

On the vCCM server, you launch the application from the Windows menu. From a remote workstation, provide the application URL, which was displayed after installing vCCM.

When you log in to vCCM for the first time, you will be prompted to enter a license key.

Figure 1 – License

Provide the License key and the credentials, created during the installation. When the license key has been accepted, you can log in to the application.

Read the rest of this entry »

vCenter Chargeback Manager – Part 1

The exam blueprint for the VMware Certified Professional Cloud (VCP-Cloud) certification includes several products. Of course, vSphere ESXi and vCenter Server are the basic building blocks and vCloud Director is the most discussed product. But there is another product you need to understand; vCenter Chargeback Manager (vCCM, from now on). You need to know how to install the product; also a full section of the blueprint is dedicated to configuration and administration. You need to know how to generate Reports. But before you can generate your first report, you have been through a lot of stages.

So, I expected to find a lot of posts on this subject, but I did not. For that reason, in a series of posts, I will share my experience with the vCCM. In the first part, let’s start with the installation of vCCM.

Note: In my case, I installed vCCM for training purposes. For that reason, I did not completely follow all steps and recommendations in the official documentation. So, in case, you need to install vCCM in a real-life production environment, I recommended having a look at the vCenter Chargeback Manager Installation and Upgrade Guide.

You can find the official resources here and start a free trial for 60 days. Some useful official documents are:

• vCenter Chargeback Manager Installation and Upgrade Guide
• vCenter Chargeback Manager User’s Guide
• Best Practices and Troubleshooting Guide

Read the rest of this entry »

vOPS Server Explorer 6.3 release

Today, Dell released the latest version of the vOPS Server Explorer, version 6.3 to be more precise. Last year, Dell acquired vKernel and with that, its flagship product vOPS Server Standard.

vOPS Server Explorer is a freeware suite, this version adds two new utilities, Storage Explorer and Change Explorer, plus adds improvements to Environment Explorer. So there are now a total of five utilities in the vOPS free VM tool.

• Environment Explorer
• vScope Explorer
• Search VM Explorer
• Storage Explorer
• Change Explorer

vOPS Server Explorer uses the same analytics and advisory engine from the paid vOPS Server Standard product, all five of these utilities provide virtual administrators with a rapid assessment of the state of their environment.

Figure 1 – Storage Explorer (provided by Dell)

Read the rest of this entry »

VCAP5-DCA Study Guide is now available

The content of this study guide was first published as a series of posts on this blog.

The posts were written in preparation for my VCAP5-DCA exam and are based on the official VMware Blueprint. At the time I started writing; other great Study guides were available, although most of these guides were based on the VCAP4-DCA exam.

The posts had to meet the following goals:

• Based on the official Blueprint, follow the objectives as close as possible.
• Refer to the official VMware documentation as much as possible. For that reason, every Objective starts with one or more references to the VMware documentation.
• In case the official documentation is not available or not complete, provide an alternative.
• Write down the essence of every objective (the Summary part).
• If necessary, provide additional explanation, instructions, examples and references to other posts. All this without providing too much information.

I hope all this will help you in your preparation for your exam. I welcome your comments, feedback and questions.

Download Guide: VCAP5-DCA Study Guide_20121229

VCAP5-DCA Objective 8.2 – Administer vSphere using the vSphere Management Assistant

Objectives

• Install and configure vMA
• Add/Remove target servers (Note: This Objective has been updated per 21-01-2013)
• Perform updates to the vMA
• Use vmkfstools to manage VMFS datastores
• Use vmware-cmd to manage VMs
• Use esxcli to manage ESXi Host configurations
• Troubleshoot common vMA errors and conditions

Install and configure vMA

Official Documentation:
vSphere Management Assistant Guide vSphere 5.0, Chapter 2 “Getting started with the vMA”, section “Deploy vMA”.

Summary:
The vSphere Management Assistant (vMA from now on) and the documentation can be found at: http://www.vmware.com/support/developer/vima/

Note: multiple versions are available! You can deploy vMA 5.0 on vSphere 4.0 Update 2 or later (no vSphere 5.1) and vCenter Server 4.0 Update 2 or later. The vCenter Appliance 5.0 is also supported. After installation, you can target even ESX/ESXi 3.5 Update 5 servers.

The vMA comes as a SUSE Linux Enterprise Server 11‐based virtual machine that includes pre-packaged software such as the vSphere command‐line interface, and the vSphere SDK for Perl. The vMA allows administrators to run scripts or agents that interact with ESXi hosts and vCenter Server systems without having to authenticate each time. The vMA comes as a virtual appliance

Under normal conditions, you will deploy the vMA in your cluster. Another way is to deploy vMA on your workstation and take it with you, with your own tools and scripts.

Read the rest of this entry »

VCAP5-DCA Objective 7.2 – Configure and Maintain the ESXi firewall

Objectives

• Enable/Disable pre-configured services
• Configure service behaviour automation
• Open/Close ports in the firewall
• Create a custom service
• Set firewall security level

Enable/Disable pre-configured services

vSphere Security Guide, Chapter 3 “Securing the Management Interface”, page 37.

Summary:
An ESXi host has a group of preconfigured services, which can be found via: Configuration, Software, Security Profile, Services Section.

Figure 1 – ESXi Services

Behaviour can be changed by selecting a service and choosing “Options”.
Services can be stopped or (re)started and the “Startup Policy” can be adjusted.

Figure 2 – Service Options

The default and recommended Startup Policy is “Start automatically if any ports are open, and stop when all ports are closed”.
If any port is open, the client attempts to contact the network resources pertinent to the service in question. If some ports are open, but the port for a particular service is closed, the attempt fails, but there is little drawback to such a case. If and when the applicable outgoing port is opened, the service begins completing its tasks. In other words, service behaviour depends on the firewall settings.

Policy “Start and stop with host” means: The service starts shortly after the host starts and closes shortly before the host shuts down.

Policy “Start and stop manually”: The host preserves the user-determined service settings, regardless of whether ports are open or not. This setting is preserved after rebooting a host.

Important NOTE: ESXi firewall automates when rule sets are enabled or disabled based on the service Startup policy. When a service starts, its corresponding rule set is enabled. When a service stops, the rule set is disabled.

Other references:

• A

Configure service behaviour automation

vSphere Security Guide, Chapter 3 “Securing the Management Interface”, page 38.

Summary:
See previous one.

Other references:

• A

Open/Close ports in the firewall

vSphere Security Guide, Chapter 3 “Securing the Management Interface”, page 34.

Summary:
An overview of the ESXI firewall configuration can be found via: Configuration, Software, Security Profile, Firewall Section.

Figure 3 – Firewall overview

After selecting a Service or Client, you can adjust the Firewall settings and depending on the Service, the Service Options become available (see previous section).

Figure 4

You can specify which networks are allowed to connect to each service that is running on the host.

You can use the vSphere Client or the command line to update the Allowed IP list for a service. By default, all IP addresses are allowed.

Other references:

• A

Create a custom service

vSphere Security Guide, Chapter 3 “Securing the Management Interface”, section “Rule Set Configuration Files”, page 34.

Summary:
The firewall rule set definitions are stored on the ESXi host in the folder: /etc/vmware/firewall.

The default file is service.xml. Depending on your configuration, additional rule sets can be found. E.g.: Adding an ESXi host to an HA enabled Cluster adds the fdm.xml rule set.

The vSphere Security Guide contains detailed information how to create a new configuration file.

Tip: you can create a new ruleset by copying an existing rule set and start editing. If you are familiar with the vi editor, stay on the ESXI host, otherwise use WinSCP to copy back-and-forth to your favourite Management station.

After adding a service, you need to refresh the firewall settings. On the ESXi host, use the following command:

# esxcli network firewall refresh

Other references:

• See also VMware KB 2008226 “Creating custom firewall rules in VMware ESXi 5.0”

Set firewall security level

???

Summary:
The following esxcli command shows some important ESXi firewall settings:

# esxcli network firewall get
   Default Action: DROP
   Enabled: true
   Loaded: true
#

For troubleshooting purposes, you can temporarily disable the firewall with this command:

# esxcli network firewall set --enabled false
# esxcli network firewall get
   Default Action: DROP
   Enabled: false
   Loaded: true
#

The default policy can also be adjusted from DROP to PASS (Not a good idea) with:

# esxcli network firewall set --default-action true
# esxcli network firewall get
   Default Action: PASS
   Enabled: true
   Loaded: true
#

You can also completely shut down the firewall:

# esxcli network firewall unload
# esxcli network firewall get
   Default Action: PASS
   Enabled: true
   Loaded: false
#

Figure 5- Firewall Unloaded

Other references:

• A

VCAP5-DCA Objective 9.2 – Install ESXi hosts using Auto Deploy

Objectives

• Install the Auto Deploy Server
• Utilize Auto Deploy cmdlets to deploy ESXi hosts
• Configure Bulk Licensing
• Provision/Re-provision ESXi hosts using Auto Deploy
• Configure an Auto Deploy reference host

To start with, the official and some other useful documentation on this objective:

• vSphere Installation and Setup Guide, Chapter 5
• vSphere 5.0 Evaluation Guide Volume 4 – Auto Deploy
• vSphere 5.0 Evaluation Guide Volume 1, section on Image Builder, page 91.
• Understanding vSphere Auto Deploy
• Video vSphere Auto Deploy Demo
• Good reading on Auto Deploy Rules and Rule Sets by Joe Keegan (thanks Joe!).
• VMware Blogs Using the vSphere ESXi image Builder CLI by Kyle Gleed.

Probably useful, but not in the official Curriculum:

• vSphere Auto Deploy Gui 5.0

A few words on this Objective. Imho Auto Deploy is a though subject you cannot learn by reading manuals, tutorials and blog posts. You should really play a lot in a home lab or test environment to get a good understanding on the architecture of Auto Deploy and the components. The vSphere Installation and Setup Guide presents a lot of information, but is a bit overwhelming. In my case, I have followed these steps:

• I have Prepared my home lab for Auto Deploy. I have watched Trainsignal vSphere 5 Training, lesson 28 on this subject. Also this post “Using vSphere 5 Auto Deploy in your home lab” by Duncan Epping was very useful.
• In a small home lab you will practice by using nested ESXi servers, read this post by Eric Gray, or this post by Vladan Seget.
• The vSphere 5.0 Evaluation Guide Volume 4 – Auto Deploy was also very useful for a good understanding on how to set up Deploy Rules. In this guide the three Deploy Rules (Image Profile Rule, vCenter Folder/Cluster Rule and Host Profile Rule) are being used.
• Get familiar with the commands presented in the Get-DeployCommand. Joe Keegan’s post helped me lot understanding the Deploy Rules
• The vSphere 5.0 Evaluation Guide Volume 1, has a nice introduction on the Image Builder. A useful exercise is trying to upgrade the Image Profile (for that reason I have started with a rather old one)
• The last step so far is reading Chapter 5 in the vSphere Installation and Setup Guide to glue everything together.

Figure 1 – Auto Deploy Overview (Graphic provided by VMware)

Read the rest of this entry »

VCAP5-DCA Objective 9.1 – Install ESXi hosts with custom settings

Objectives

• Create/Edit Image Profiles
• Install/uninstall custom drivers
• Configure advanced bootloader options
• Configure kernel options
• Given a scenario, determine when to customize a configuration

Create/Edit Image Profiles

Official Documentation:
vSphere Installation and Setup Guide, Chapter 6 “Using vSphere ESXi Image Builder CLI”,  page 123.

Summary:
The Image Builder CLI, is a set of PowerCLI Cmdlets that allows you to create and maintain custom ESXi images used to deploy hosts in your vSphere 5.0 environments.

The Image Builder creates Custom Image Profiles that can be exported to:

• ISO images;
• Offline depot (ZIP file), to be used by vSphere Update Manager or by the esxcli software vib command.

Figure 1 (Source: VMware)

The Concepts of Image Builder are explained in vSphere Installation and Setup Guide , Chapter 6, “Using vSphere ESXI Image Builder CLI”, page 123.

Read the rest of this entry »