VMware announces vSphere 6.5!

Today at VMworld Europe, VMware announced vSphere 6.5. This highly anticipated release promises to deliver on several key features and components that have been in the works for some time. Among the anticipated features are native backup and restore of the vCenter 6.5 appliance, the HTML 5 vSphere Client, native HA for the vCenter 6.5 appliance, Update Manager integrated with the vCenter 6.5 appliance. This release also brings VMotion encryption, VM disk level encryption, vSphere integrated Containers, major enhancements to DRS, dramatic improvements to API and automation capabilities with enhancements to REST APIs and CLI’s as well as improvements to the logs and integrated GUI for Auto Deploy, to name a just a few.
For more information on the vSphere 6.5 announcements visit VMware’s vSphere Blog posts:

Introducing vSphere 6.5
What’s New in vSphere 6.5: vCenter Server
What’s new in vSphere 6.5: Security
What’s New in vSphere 6.5: Host & Resource Management and Operations

The vSphere 6.x product page at VMware.com also highlights the product versions and licensing:

vSphere and vSphere with Operations Management

With VMworld Europe 2016 underway, expect more announcements from VMware.

VMware KB: NSX for vSphere 6.1.3 is compatible with vSphere 6.0, but new vSphere 6.0 features have not been tested with NSX

VMware KB: NSX for vSphere 6.1.3 is compatible with vSphere 6.0, but new vSphere 6.0 features have not been tested with NSX.

We have been waiting for this update to be released since it was mentioned at PEX in February. Now to get it into the lab!

vSphere Client 5.5 Update 2 now has the capability to edit VMs with VM hardware version 10

With the release of vSphere 5.5 Update 2 last week, the vSphere client now has the ability to edit the properties of VMs with hardware compatibility level set to version 10.

With previous versions of the vSphere Client ( aka as the “C# Client”), the following error message is displayed when you attempt to edit a VM with hardware version 10:

You cannot use the vSphere client to edit the settings of virtual machines of version 10 or higher. Use the vSphere Web Client to edit the settings of this virtual machine.

The VMware vSphere Blog article: http://blogs.vmware.com/vsphere/2014/09/using-vsphere-5-5u2-client-edit-settings-virtual-machines-version-10-higher.html describes the capabilities and includes a link with a typo for the following KB article: http://kb.vmware.com/kb/2061336.

For more information on the resolved and known issues with vCenter 5.5 Update 2, see the release notes at: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u2-release-notes.html

vSphere: What’s New [V4.x to V5.5] supplemental weblinks

Various weblinks from the vSphere: What’s New [V4.x toV5.5] course-

http://packetlife.net/blog/2008/oct/18/cheat-sheets-tcpdump-and-wireshark/

Click to access tcpdump.pdf

Enabling vSphere Distributed Switch health check in the vSphere Web Client
Enhanced LACP Support on a vSphere 5.5 Distributed Switch

http://en.wikipedia.org/wiki/NetFlow

http://blogs.vmware.com/vsphere/2011/08/vsphere-5-new-networking-features-netflow.html

http://v-reality.info/2012/02/setting-up-netflow-on-vsphere-distributed-switch/

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032878

https://communities.intel.com/community/wired/blog/2010/09/07/sr-iov-explained

http://blog.scottlowe.org/2009/12/02/what-is-sr-iov/

http://www.youtube.com/watch?v=4l6T7bHNKeo – Flash Read Cache

Click to access VMware-vSphere-Flash-Read-Cache-FAQ.pdf

vSphere tags – http://www.youtube.com/watch?v=lQnSzP7kj7E

VDP Direct to Host restore – http://www.youtube.com/watch?v=TF7TnFncsgk

New VMware vSphere Blog post on ESXi console lockdown

This week I am back in the classroom teaching a vSphere 5.5: Install, Configure and Manage class for VMware in Sacramento, CA. During the first few sections of the class, the ESXi user interfaces and basic configuration tasks are presented, including an overview of the tasks that can be accomplished with DCUI (Direct Console User Interface). The topic of lockdown mode is mentioned as well as how to configure an ESXI host to use Active Directory for user authentication and a little advice on user account best practices. As part of the discussion, I bring up the use of an “ESX Admins” group in Active Directory, the treatment of the Root user password as an “in case of emergency” item to be tightly controlled and the use of lockdown mode.

Today when I was leaving class, I was happy to see a new blog post from Kyle Gleed of VMware entitled: “Restricting Access to the ESXi Host Console – Revisiting Lockdown Mode” and in particular his 5 step recommendation on restricting access to ESXi with version 5.1 or later:

1. Add your ESXi hosts to Active Directory. This not only allows users to use their existing active directory accounts to manage their ESXi hosts, but it eliminates the need to create and maintain local user accounts on each host.

2. Create the “ESX Admins” Group in Active Directory and add all your admins as members to this group. By default, when an ESXi hosts is added to active directory the “ESX Admins” group is assigned full admin privileges. Note that you can change the name of the group and customize the privileges (follow the link for information on how to do this).

3. Vault the “root” password. As I noted above, root is still able to override lockdown mode so you want to limit access to this account. With ESXi versions 5.1 and beyond you can now assign full admin rights to named users so it’s no longer necessary to use the root account for day-to-day administration. Don’t disable the root account, set a complex password and lock it away in a safe so you can access it if you ever need to.

4. Set a timeout for both the ESXiShellTimeOut and the ESXiShellInteractiveTimeOut. Should you ever need to temporarily enable access the ESXi Shell via SSH it’s good to set these timeouts so these services will automatically get shutdown and idle SSH/Shell sessions terminated.

5. Enable Lockdown Mode. Enabling lockdown mode prevents non-root users from logging onto the host console directly. This forces admins to manage the host through vCenter Server. Again, should a host ever become isolated from vCenter Server you can retrieve the root password and login as root to override the lockdown mode. Again, be sure not to disable the root user . The point is not to disable root access, but rather to avoid having admins use it for their day-to-day activities.

Terrific advice and I appreciate the timing, I will definitely refer to this in class this week and in the future!

 

Here is a hidden gem from VMware!

This week, while participating in a VMware vSphere” What’s New [v4.x-v5.5] train the trainer class, I came across this site: vmwarewalkthroughs.com. The site has walk throughs for the vCloud Suite, VMware NSX, VSAN and vCAC/Big Data.

vmwarewalkthroughs
Select the product from the home page.

VSANwalkthrough-1 NSXwalkthrough vCACwalkthrough vcloudwalkthrough
Then select the specific walk through from the navigation menu on the left.

vsanwalkthrough
Each walk through is guided by instructions and highlighted selections.

While the walk through is not really hands-on they do give you a good idea of the steps required to setup and perform administrative tasks with the various products.

For someone who is looking for a way to get a basic understanding and exposure to the products, this site is an excellent resource.

Upgrading vCenter Server to 5.5 in my lab – part5

Upgrading Update Manager

Read the following KB article:

Upgrading to vSphere Update Manager 5.5 on a Microsoft Windows platform (2058423)

Upgrade procedure:

Mount the vSphere 5.5 installation media. The installation wizard appears.

In the left pane, under VMware vCenter Support Tools, click vSphere Update Manager and then click Install.
vum55-01

Note: If any of the prerequisites are not met, they are listed in the right pane under Prerequisites.

Select the appropriate language from the dropdown and click OK.

If a previous version of vSphere Update Manager is already installed, the installer displays the message:
An earlier version of VMware vSphere Update Manager is already installed on this computer. Click OK to upgrade to 5.5.0
vum55-03
Click OK.

In the welcome screen, click Next.
vum55-04

Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.

Optionally, select the Download updates from default sources immediately after installation option and click Next.
vum55-05
Note: This option automatically checks for downloading updates. If you want to review the default download sources or configure vSphere Update Manager to use a shared repository, deselect this option.

Enter the vCenter Server URL and a username and password and then click Next.
vum55-06

Notes:
If the Fully Qualified Domain Name (FQDN) or IP address of the vCenter Server and/or the username are not auto-populated, enter the FQDN and/or username manually.
Ensure that the username entered has a minimum of Register extension privilege to be able to register vSphere Update Manager with vCenter Server.

When prompted, enter the database user name and password for the existing database and click Next.
vum55-07

Select one of these options when prompted with a database upgrade warning:
vum55-08

Upgrade existing Update Manager database
     Note: You must acknowledge that a backup has been taken of the Update Manager database.
Do not upgrade the existing Update Manager database

Click Next.

Optionally, from the dropdown, select either the IP address or the FQDN of vSphere Update Manager and then, check if the alternative TCP port numbers for the SOAP, Web, and SSL ports of vCenter Server appear and then click Next.
vum55-09

Note from the KB article: These fields are automatically populated with the appropriate URL and port numbers if the service is installed in the current system. The default ports are 8084, 9084, and 9087 respectively. Ensure that vCenter Server and the ESXi/ESX hosts can resolve the vSphere Update Manager.

Note: The next few steps from the Upgrade procedure were not required in my upgrade. The settings from my previous installation were reused including the patch repository location.

Optionally, select the Yes, I have Internet connection and I want to configure proxy settings now option and click Next.

Provide the proxy server address and the proxy server port and then click Next.

Optionally, select the Authenticate proxy using the credentials below option if your proxy server requires authentication and then click Next.

Optionally, provide an alternative installation location and then click Next.
Note
If the current system does not have 120 GB of disk space available, a warning is displayed when you click Next. Click OK to acknowledge the warning.

In the Ready to Install screen, click Install to start the installation.
vum55-10

Installing…

When the installation completes, click Finish.
vum55-11

Installed programs shows the upgraded vCenter Update Manager:
vum55-12

Update Manager Client Plug-in Install

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered.

Select Plug-ins > Manage Plug-ins.

In the Plug-in Manager window, click Download and install for the VMware vSphere Update Manager extension.
vum55-13

If you receive a security warning, click Run.
vum55-14

Choose the appropriate language.
vum55-15

On the Welcome screen, click Next.
vum55-16

Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.

On the Ready to install page, click Install.
vum55-17

If you are prompted by User Access Control, Click Yes.

Installing…

Complete the Update Manager Client installation, and click Finish.
vum55-18

The status for the Update Manager extension is displayed as Enabled.
vum55-19

Click Close to close the Plug-in Manager window.

With vSphere Update Manager upgraded, I can now experiment with upgrading ESXi hosts from 5.1 to 5.5 automatically. There are still a few components left to upgrade, including the vSphere ESXI dump collector, the vSphere Syslog collector and vShere Auto Deploy. More posts to follow!

Upgrading vCenter Server to 5.5 in my lab – part 1

Upgrading vCenter Server 5.1 update 1 to 5.5 in my lab
Part 1

This past summer I had a student in one of my vSphere 5.1 Install, Configure and Manage courses who had attempted an upgrade from an earlier version of vSphere to 5.1 with disastrous results. This fellow was hopping mad and was not impressed by me asking him if he had read the upgrade guides or knowledgebase articles covering the proper sequence and compatibility issues he had encountered.

So with him in mind, I am documenting the process I followed to upgrade my lab vCenter Server and related components to vCenter Server 5.5.

My vCenter system is split between two windows 2008 R2 VMs. The vCenter server, SSO, Inventory service, ESXi Dump collector and vSphere Syslog Collector are on “vc5.mylab.local,” while the vSphere Web Client and vCenter Update Manager are installed on “app-01.mylab.local.” I have another Windows 2008 R2 VM running MS SQL Server 2008 R2 that handles the vCenter and Update Manager databases.

Here are the beginning software versions on my Windows 2008 R2 vCenter VM
vc55upgrade-01

In order to avoid the difficulties my former student encountered with a similar upgrade, check out the following before getting started with the upgrade:

VMware Product Interoperability Matrixes

vSphere Upgrade Guide

Best Practices for vCenter Server Upgrades

Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server and the vSphere Web Client  — Print this topic and use it as a worksheet for the upgrade and save it for later so you have the answers for the next upgrade!

Update sequence for vSphere 5.5 and its compatible VMware products (2057795)

Upgrade the various products in numerical order.

vc55upgrade-02

From the KB article:
Before you update the vCenter Server, disable vCenter Server from vCloud Director. Also ensure that you stop or disable other VMware services so that they do not communicate with vCenter Server during the update process.

In this article I will be running through the upgrade to vCenter Server 5.5 and its related products. The VMware KB article Methods of upgrading to vCenter Server 5.5 (2053130) describes the requirements for upgrading to vCenter 5.5. I will be following the order specified in the section “Upgrading components separately for vCenter server 5.5”:

  1. Upgrade vCenter Single Sign-On.
    For more information, see Upgrading to vCenter Single Sign-On 5.5 on a Microsoft Windows platform (2058249).
  2. Upgrade vSphere Web Client.
    For more information, see Upgrading to vSphere Web Client 5.5 on a Microsoft Windows platform (2058265).
  3. Upgrade vCenter Inventory Service.
    For more information, see Upgrading to vCenter Inventory Service 5.5 on a Microsoft Windows platform (2058272).
  4. Upgrade vCenter Server.
    For more information, see Upgrading to vCenter Server 5.5 on a Microsoft Windows platform (2058275).
  5. Upgrade vCenter Update Manager.
    For more information, see Upgrading to vSphere Update Manager 5.5 on a Microsoft Windows platform (2058423).

 

Upgrading vCenter Single Sign-On

Read the KB article below:
Upgrading to vCenter Single Sign-On 5.5 on a Microsoft Windows platform (2058249)

Information Required for vCenter Single Sign-On Installation

Follow the steps outlined in this KB article to back-up the existing 5.1 SSO database:

Backing up and restoring the vCenter Single Sign-On (SSO) 5.1 configuration (2034928) (You will need the “old” SSO admin password for this.) You won’t need the password for the upgrade.

You need to make sure that forward and reverse DNS lookups return the correct information about your SSO server and the vCenter server. See DNS Requirements for vSphere.

Additionally, you need to check the SSL certificate subject name and the registry of the VM running Single Sign-on. In my case SSO and vCenter server are installed on the same VM.

The registry key to check is referenced in this KB article:
Upgrade from vSphere 5.1 to vSphere 5.5 rolls back after importing Lookup Service data (2060511)

Check the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware Infrastructure\SSOServer\FQDNIp registry key value:

  • If the registry key value is an IP address, this issue might affect your system.
  • If the registry key value is set to the FQDN value you see in the certificate, your system is       not affected by this issue.

The installer will perform a prerequisite check, but it will not stop you from proceeding if the values do not match.

For example:

vc55upgrade-04

If there is a mismatch, you need to change the registry value to match the “Subject” name used for the SSL certificate.

vc55upgrade-03

 

Upgrade procedure:

Mount the vSphere 5.5 installation media.

Note: I prefer to browse the install media and launch the “autorun.exe” with the “Run as Administrator.”
If you are prompted by User Account Control, click Yes.

In the left pane, under Custom Install, click Single Sign-On Install and then click Install.
vc55upgrade-07

Note: If any of the prerequisites are not met, they are listed in the right pane under Prerequisites.

In the welcome screen, click Next.
vc55upgrade-09

If a previous version of vCenter Single Sign-On (SSO) is installed, you see this message in the welcome screen:
An earlier version of vCenter Single Sign-On is already installed on this computer and will be upgraded to vCenter Single Sign-On 5.5.0.

Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and then click Next.

Review the Prerequisites check screen and then click Next.
vc55upgrade-11

The installer notifies that a previous version is detected and that Users, Groups, Solution Users, and Lookup Service artifacts will be migrated.

Click Next.
vc55upgrade-12

Select a deployment mode and click Next.
vc55upgrade-13

vCenter Single Sign-On for your first vCenter Server – Select this option to deploy your first SSO server. This server becomes the first SSO server in a new vSphere authentication domain.

After you select this option:
Provide a password for the SSO administrator user and click Next.
vc55upgrade-14

Note from the KB article: This dialog shows information related to a domain by the name vsphere.local.  This is not a domain that is auto-detected within the existing environment, but a net new domain used      internally by vSphere. The administrator@vsphere.local account performs the same function as the admin@System-Domain account in previous versions of vSphere. For more information about the administrator@vsphere.local account,  see the vSphere Software Components section of the vCenter Server and Host Management Guide.

Provide a site name and click Next.
vc55upgrade-15

Note: The site name is used in environments where there are SSO servers in multiple sites. Ensure to select this name carefully because it cannot be changed in the vSphere Web Client after the installation  completes. “Default-First-Site” is the default site name.

Optionally, provide an alternative installation location and then click Next. (I had previously installed SSO to the “D:” drive on my VM.)
vc55upgrade-18

Notes:
The installation requires 2 GB of disk space to be available.
In the vCenter Single Sign-On Information screen, click Install.
vc55upgrade-19

Installing…

vc55upgrade-20

When the installation completes, click Finish.

vc55upgrade-21

vCenter SSO 5.5 upgraded!
vc55upgrade-22

The first component is now upgraded. Next up is upgrading the vSphere Web Client to 5.5.

VCP on vSphere 4

VMware has announced the requirements and scheduled availability of the VCP on vSphere 4 certification.

From VMware’s Certification site:
There are four possible paths to acheive VCP on vSphere™ 4

  1. If you are NEW to VMware
    • Attend the VMware vSphere™ 4: Install, Configure, Manage course (first courses available in late June 2009) OR attend the VMware vSphere 4: Fast Track (available in Q3)
    • Take and pass the VCP on vSphere™ 4 exam
  2. If you are currently a VCP on VMware Infrastructure 3
    • Take and pass the VCP on vSphere™ 4 exam. This option will only be available until December 31, 2009. Beginning in 2010, VCPs on VI3 must attend the VMware vSphere 4: What’s New class in order to upgrade.
  3. If you are currently a VCP on ESX 2.x
    • Take and pass the VCP on VMware Infrastructure 3 exam
    • Take and pass the VCP on vSphere™ 4 Exam. This option will only be available until December 31, 2009. Beginning in 2010, VCPs on VI3 must attend the VMware vSphere™ 4: What’s New class in order to upgrade.
  4. If you are not a VCP on VI3, but have attended one of the prerequisite classes (Install & Configure; Deploy Secure & Analyze; or Fast Track).
    • Take and pass the VCP on VMware Infrastructure 3 exam OR attend the VMware vSphere™ 4: What’s New course.
    • Take and pass the VCP on vSphere™ 4 Exam.

Paths to VCP on vSphere 4