VMware announces vSphere 6.5!

Today at VMworld Europe, VMware announced vSphere 6.5. This highly anticipated release promises to deliver on several key features and components that have been in the works for some time. Among the anticipated features are native backup and restore of the vCenter 6.5 appliance, the HTML 5 vSphere Client, native HA for the vCenter 6.5 appliance, Update Manager integrated with the vCenter 6.5 appliance. This release also brings VMotion encryption, VM disk level encryption, vSphere integrated Containers, major enhancements to DRS, dramatic improvements to API and automation capabilities with enhancements to REST APIs and CLI’s as well as improvements to the logs and integrated GUI for Auto Deploy, to name a just a few.
For more information on the vSphere 6.5 announcements visit VMware’s vSphere Blog posts:

Introducing vSphere 6.5
What’s New in vSphere 6.5: vCenter Server
What’s new in vSphere 6.5: Security
What’s New in vSphere 6.5: Host & Resource Management and Operations

The vSphere 6.x product page at VMware.com also highlights the product versions and licensing:

vSphere and vSphere with Operations Management

With VMworld Europe 2016 underway, expect more announcements from VMware.

VMware KB: NSX for vSphere 6.1.3 is compatible with vSphere 6.0, but new vSphere 6.0 features have not been tested with NSX

VMware KB: NSX for vSphere 6.1.3 is compatible with vSphere 6.0, but new vSphere 6.0 features have not been tested with NSX.

We have been waiting for this update to be released since it was mentioned at PEX in February. Now to get it into the lab!

vSphere Client 5.5 Update 2 now has the capability to edit VMs with VM hardware version 10

With the release of vSphere 5.5 Update 2 last week, the vSphere client now has the ability to edit the properties of VMs with hardware compatibility level set to version 10.

With previous versions of the vSphere Client ( aka as the “C# Client”), the following error message is displayed when you attempt to edit a VM with hardware version 10:

You cannot use the vSphere client to edit the settings of virtual machines of version 10 or higher. Use the vSphere Web Client to edit the settings of this virtual machine.

The VMware vSphere Blog article: http://blogs.vmware.com/vsphere/2014/09/using-vsphere-5-5u2-client-edit-settings-virtual-machines-version-10-higher.html describes the capabilities and includes a link with a typo for the following KB article: http://kb.vmware.com/kb/2061336.

For more information on the resolved and known issues with vCenter 5.5 Update 2, see the release notes at: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u2-release-notes.html

vSphere: What’s New [V4.x to V5.5] supplemental weblinks

Various weblinks from the vSphere: What’s New [V4.x toV5.5] course-

http://packetlife.net/blog/2008/oct/18/cheat-sheets-tcpdump-and-wireshark/

http://packetlife.net/media/library/12/tcpdump.pdf

Enabling vSphere Distributed Switch health check in the vSphere Web Client
Enhanced LACP Support on a vSphere 5.5 Distributed Switch

http://en.wikipedia.org/wiki/NetFlow

http://blogs.vmware.com/vsphere/2011/08/vsphere-5-new-networking-features-netflow.html

http://v-reality.info/2012/02/setting-up-netflow-on-vsphere-distributed-switch/

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032878

https://communities.intel.com/community/wired/blog/2010/09/07/sr-iov-explained

http://blog.scottlowe.org/2009/12/02/what-is-sr-iov/

http://www.youtube.com/watch?v=4l6T7bHNKeo – Flash Read Cache

http://www.vmware.com/files/pdf/techpaper/VMware-vSphere-Flash-Read-Cache-FAQ.pdf

vSphere tags – http://www.youtube.com/watch?v=lQnSzP7kj7E

VDP Direct to Host restore – http://www.youtube.com/watch?v=TF7TnFncsgk

New VMware vSphere Blog post on ESXi console lockdown

This week I am back in the classroom teaching a vSphere 5.5: Install, Configure and Manage class for VMware in Sacramento, CA. During the first few sections of the class, the ESXi user interfaces and basic configuration tasks are presented, including an overview of the tasks that can be accomplished with DCUI (Direct Console User Interface). The topic of lockdown mode is mentioned as well as how to configure an ESXI host to use Active Directory for user authentication and a little advice on user account best practices. As part of the discussion, I bring up the use of an “ESX Admins” group in Active Directory, the treatment of the Root user password as an “in case of emergency” item to be tightly controlled and the use of lockdown mode.

Today when I was leaving class, I was happy to see a new blog post from Kyle Gleed of VMware entitled: “Restricting Access to the ESXi Host Console – Revisiting Lockdown Mode” and in particular his 5 step recommendation on restricting access to ESXi with version 5.1 or later:

1. Add your ESXi hosts to Active Directory. This not only allows users to use their existing active directory accounts to manage their ESXi hosts, but it eliminates the need to create and maintain local user accounts on each host.

2. Create the “ESX Admins” Group in Active Directory and add all your admins as members to this group. By default, when an ESXi hosts is added to active directory the “ESX Admins” group is assigned full admin privileges. Note that you can change the name of the group and customize the privileges (follow the link for information on how to do this).

3. Vault the “root” password. As I noted above, root is still able to override lockdown mode so you want to limit access to this account. With ESXi versions 5.1 and beyond you can now assign full admin rights to named users so it’s no longer necessary to use the root account for day-to-day administration. Don’t disable the root account, set a complex password and lock it away in a safe so you can access it if you ever need to.

4. Set a timeout for both the ESXiShellTimeOut and the ESXiShellInteractiveTimeOut. Should you ever need to temporarily enable access the ESXi Shell via SSH it’s good to set these timeouts so these services will automatically get shutdown and idle SSH/Shell sessions terminated.

5. Enable Lockdown Mode. Enabling lockdown mode prevents non-root users from logging onto the host console directly. This forces admins to manage the host through vCenter Server. Again, should a host ever become isolated from vCenter Server you can retrieve the root password and login as root to override the lockdown mode. Again, be sure not to disable the root user . The point is not to disable root access, but rather to avoid having admins use it for their day-to-day activities.

Terrific advice and I appreciate the timing, I will definitely refer to this in class this week and in the future!

 

Here is a hidden gem from VMware!

This week, while participating in a VMware vSphere” What’s New [v4.x-v5.5] train the trainer class, I came across this site: vmwarewalkthroughs.com. The site has walk throughs for the vCloud Suite, VMware NSX, VSAN and vCAC/Big Data.

vmwarewalkthroughs
Select the product from the home page.

VSANwalkthrough-1 NSXwalkthrough vCACwalkthrough vcloudwalkthrough
Then select the specific walk through from the navigation menu on the left.

vsanwalkthrough
Each walk through is guided by instructions and highlighted selections.

While the walk through is not really hands-on they do give you a good idea of the steps required to setup and perform administrative tasks with the various products.

For someone who is looking for a way to get a basic understanding and exposure to the products, this site is an excellent resource.

Upgrading vCenter Server to 5.5 in my lab – part5

Upgrading Update Manager

Read the following KB article:

Upgrading to vSphere Update Manager 5.5 on a Microsoft Windows platform (2058423)

Upgrade procedure:

Mount the vSphere 5.5 installation media. The installation wizard appears.

In the left pane, under VMware vCenter Support Tools, click vSphere Update Manager and then click Install.
vum55-01

Note: If any of the prerequisites are not met, they are listed in the right pane under Prerequisites.

Select the appropriate language from the dropdown and click OK.

If a previous version of vSphere Update Manager is already installed, the installer displays the message:
An earlier version of VMware vSphere Update Manager is already installed on this computer. Click OK to upgrade to 5.5.0
vum55-03
Click OK.

In the welcome screen, click Next.
vum55-04

Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.

Optionally, select the Download updates from default sources immediately after installation option and click Next.
vum55-05
Note: This option automatically checks for downloading updates. If you want to review the default download sources or configure vSphere Update Manager to use a shared repository, deselect this option.

Enter the vCenter Server URL and a username and password and then click Next.
vum55-06

Notes:
If the Fully Qualified Domain Name (FQDN) or IP address of the vCenter Server and/or the username are not auto-populated, enter the FQDN and/or username manually.
Ensure that the username entered has a minimum of Register extension privilege to be able to register vSphere Update Manager with vCenter Server.

When prompted, enter the database user name and password for the existing database and click Next.
vum55-07

Select one of these options when prompted with a database upgrade warning:
vum55-08

Upgrade existing Update Manager database
     Note: You must acknowledge that a backup has been taken of the Update Manager database.
Do not upgrade the existing Update Manager database

Click Next.

Optionally, from the dropdown, select either the IP address or the FQDN of vSphere Update Manager and then, check if the alternative TCP port numbers for the SOAP, Web, and SSL ports of vCenter Server appear and then click Next.
vum55-09

Note from the KB article: These fields are automatically populated with the appropriate URL and port numbers if the service is installed in the current system. The default ports are 8084, 9084, and 9087 respectively. Ensure that vCenter Server and the ESXi/ESX hosts can resolve the vSphere Update Manager.

Note: The next few steps from the Upgrade procedure were not required in my upgrade. The settings from my previous installation were reused including the patch repository location.

Optionally, select the Yes, I have Internet connection and I want to configure proxy settings now option and click Next.

Provide the proxy server address and the proxy server port and then click Next.

Optionally, select the Authenticate proxy using the credentials below option if your proxy server requires authentication and then click Next.

Optionally, provide an alternative installation location and then click Next.
Note
If the current system does not have 120 GB of disk space available, a warning is displayed when you click Next. Click OK to acknowledge the warning.

In the Ready to Install screen, click Install to start the installation.
vum55-10

Installing…

When the installation completes, click Finish.
vum55-11

Installed programs shows the upgraded vCenter Update Manager:
vum55-12

Update Manager Client Plug-in Install

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered.

Select Plug-ins > Manage Plug-ins.

In the Plug-in Manager window, click Download and install for the VMware vSphere Update Manager extension.
vum55-13

If you receive a security warning, click Run.
vum55-14

Choose the appropriate language.
vum55-15

On the Welcome screen, click Next.
vum55-16

Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.

On the Ready to install page, click Install.
vum55-17

If you are prompted by User Access Control, Click Yes.

Installing…

Complete the Update Manager Client installation, and click Finish.
vum55-18

The status for the Update Manager extension is displayed as Enabled.
vum55-19

Click Close to close the Plug-in Manager window.

With vSphere Update Manager upgraded, I can now experiment with upgrading ESXi hosts from 5.1 to 5.5 automatically. There are still a few components left to upgrade, including the vSphere ESXI dump collector, the vSphere Syslog collector and vShere Auto Deploy. More posts to follow!