Bring Back VMTN

So this morning it occurred to me that we needed a way to gather our collective voice. I created a short survey that may help.  Visit the site http://bringbackvmtn.com to make sure your voice is heard!


Replacing VMware’s PowerShell re-IP cmdlet (Set-VMGuestNetworkInterface).

Set-VMGuestNetworkInterface has several problems. Windows 2008, for example, has both IPv4 and IPv6, and this breaks the bat files that VMware uses in the back end to re-IP the system. Several solutions have been posted on the internet to get around this flaw, but all have the same basic problem: they all use netsh. Netsh alone seems to be a little buggy, but its largest downfall is the need to specify a network name to re-IP. What if you are doing bulk re-IPs where the network name will be unknown? What if the virtual machine has more than one network? Easy: I wrote my own PowerShell tool to replace this, and wrote a JavaScript file that uses WMI, not netsh. This script allows you to set the IP of the NIC by the virtual network name, so the underlying NIC name is irrelevant.
Enjoy!!!

To use it, place the netconfig.js file in the c:\scripts directory on the system you are running set_vmnic.ps1 from. For any questions on arguments, just launch set_vmnic.ps1 from VMware PowerShell.

Also working on a “remove program” powershell script as well as a “rename/join domain” powershell script.

This blog for security reasons will not allow a script to be uploaded.
So please rename set_vmnic.ps1.doc to set_vmnic.ps1 and netconfig.js.doc to netconfig.js once downloaded. set_vmnic.ps1
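
The idea described above (resolve the NIC from the virtual network name, then configure it through WMI rather than netsh), sketched as an added example. This is not the author's set_vmnic.ps1 or netconfig.js; the function name `Set-GuestIpByNetworkName` is hypothetical, and it assumes a connected PowerCLI session, VMware Tools running in the guest, and PowerShell installed in the guest.

```powershell
# Added example; Set-GuestIpByNetworkName is a hypothetical name, not the author's tool.
function Set-GuestIpByNetworkName {
    param(
        [Parameter(Mandatory=$true)][string]$VMName,
        [Parameter(Mandatory=$true)][string]$NetworkName,   # port group name in vSphere
        [Parameter(Mandatory=$true)][string]$IPAddress,
        [Parameter(Mandatory=$true)][string]$SubnetMask,
        [string]$Gateway = '',
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$GuestCredential
    )

    # These values are pasted into script text that runs as an administrator in
    # the guest, so accept strict dotted-quad IPv4 only.
    foreach ($value in @($IPAddress, $SubnetMask, $Gateway)) {
        if ($value -and $value -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
            throw "Not a dotted-quad IPv4 value: '$value'"
        }
    }
    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # The MAC address is the one identifier both vSphere and the guest agree on,
    # so resolve port group -> vNIC -> MAC and ignore the guest's connection name.
    $vnics = @(Get-NetworkAdapter -VM $vm | Where-Object { $_.NetworkName -eq $NetworkName })
    if ($vnics.Count -ne 1) {
        throw "Expected one NIC on '$NetworkName' for $VMName, found $($vnics.Count)."
    }

    # Guest side: WMI only, no netsh. Single quotes only, so nothing needs escaping.
    $guestScript = @'
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.MACAddress -eq '__MAC__' }
if (-not $nic) { 'RESULT=NOADAPTER'; exit }
$rc = $nic.EnableStatic(@('__IP__'), @('__MASK__')).ReturnValue
if ($rc -le 1 -and '__GW__') { $rc = $nic.SetGateways(@('__GW__'), @([uint16]1)).ReturnValue }
'RESULT=' + $rc
'@
    $guestScript = $guestScript.Replace('__MAC__', $vnics[0].MacAddress).Replace('__IP__', $IPAddress)
    $guestScript = $guestScript.Replace('__MASK__', $SubnetMask).Replace('__GW__', $Gateway)

    # Invoke-VMScript goes through VMware Tools, so it survives the guest's IP change.
    $result = Invoke-VMScript -VM $vm -GuestCredential $GuestCredential `
        -ScriptType Powershell -ScriptText $guestScript

    # WMI return codes: 0 = success, 1 = success but reboot required.
    if ($result.ScriptOutput -notmatch 'RESULT=[01]\s*$') {
        throw "Re-IP of $VMName failed: $($result.ScriptOutput)"
    }
    $vnics[0].MacAddress   # report which adapter was changed
}
```

Refusing to proceed unless exactly one vNIC sits on the named network keeps a bulk run from silently re-addressing the wrong adapter on a multi-homed VM.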


Thoughts on vCD Adoption (one perspective)

I have seen a lot of talk about adopting the cloud lately. A fair amount of it has been based around “high-governance”. To be more specific, one use case is a large financial that requires physical separation of tiers, with security mandates that are more cumbersome than those of a business that may not have to deal with the compliance constraints you may see in health care, finance, government, etc. A high-governance cloud differs from a low-governance cloud, such as Amazon’s EC2, in that a set of enterprise policies must be applied to any virtual machine instance created and deployed before being connected to the rest of the corporate network. As a result, in a high-governance cloud design there is an increase in attention on post-provisioning and virtual machine lifecycle management that doesn’t exist in the low-governance counterpart architecture.

The design we have been working with consists of stretched clusters, NetApp metro clusters, with Overlay Transport Virtualization (OTV) for site failure. With all of this in place, the site failures should be seamless, but the security constraints mentioned before, coupled with all of these technologies, present some challenges as well as benefits:

-  The multi-tier design mandated by the security group gives physical separation to each tier, along with limited communication. The communication is also done on an IP-to-IP basis, as opposed to a range being allowed.

-  There is no common management network between the tiers giving a constraint on host communication.

Once we understood the design limitations and constraints of the customer environment, attention was focused on the primary customer requirement: the self- and post-provisioning of virtual machines to all tiers in a single request.  Additionally, the customer wanted a simple user interface that did not require advanced knowledge of the customer’s multi-tier cloud architecture.

One of the proposed solutions we have designed is a vCO (VMware Orchestrator) and vCD implementation using the new Notifications (callouts) feature of vCD 1.5. In this solution, we leveraged some of the existing scripts that had been written for post provisioning tasks at the client. The process design on a high level:

-  The first problem we had with this approach was that a single request could not comprise multiple tiers in vCD. We were going to use a vCO front end to actually make 3 vApp requests from a single interface.

This addressed the design issue we were faced with, but added some complexities to the environment as well. Since we cannot layer post-provisioning tasks onto the service catalogue entries, we needed to have a small script call other scripts in order to complete the tasks. To meet all of the different types of deployment tasks, we need to have some sort of custom attribute or description for each vApp request in a CMDB which vCD could consume, growing it exponentially. Having those attributes in vCO causes a need for a different service catalogue entry for each type of deployment as well. In a nutshell, a single template may need dozens of different service catalogue entries. Based on this logic we would be looking at 4 source VMs * number of deployments. Even if you use the same base images for 8 more service catalogue entries, before deployment you’ll have 9 catalogue entries * 4 VMs (9 * 4 = 36 VM templates in the catalogue). Now imagine you have to apply critical patches to your 4 source VMs: you’ll have to patch every one, or recreate the service catalogue.

I think vCD is the approach we would like to take, but to get there I think there might be some obstacles to overcome and make it much easier to adopt:

1. A more customizable UI, perhaps with hooks for vCO into the service catalogue, instead of the individual VM’s. There can be a custom UI for the users (not in this client….), but I think being able to modify the current UI to meet the requirements may be a better option.

2. A way to link multiple physically separate tiers with a single vCD cell. Perhaps unifying the provider vDC’s, (very challenging considering the compute resources defined by provider vDC’s). vShield is not an option for the client currently.

3. I would also like to see a way to choose the data store/provider vDC/Org vDC we go to during deployment for certain cases. If I could make these selections during the deployment process, I could potentially place two VMs in a vApp in tier 2, and 3 in tier 3, for example. This would allow for one vApp request spanning all of the tiers.

In a future post, I will discuss some other options we have been looking at, vSM, vCM, etc… ; along with further defining the requirements we have had to meet.


vCenter Server Heartbeat 6.3 U1 – Fresh Air

It has been a while since I made the time to write, but I found this update on vCSHB very interesting and worth sharing. I have been testing vCSHB 6.3 in the lab with a stretched datacenter and ESXi cluster design for about a year now and found it almost impossible to manage vCSHB given its reliance on a single host IP/name. Mike Laverick had a great post on the product back in August of 2010. Since that time VMware has been working on improving this fundamental issue and managed to slip it into a minor update. I suspect most people missed this “minor detail” in the 6.3 U1 release notes. It reads:

“Enhanced passive server management capabilities — A new deployment option allows the passive server to be managed and monitored remotely, this includes receiving file level antivirus updates…”

THIS IS A BIG DEAL!   This allows us to finally use a third IP to manage the vCenter instance while providing both HA nodes their own (unique) primary host IP.  What a relief.  I am very happy to report that this has been the best release of vCSHB I have seen yet and with this feature, it is finally something I would consider putting into production when the time is right.

I included a high level overview below that may help explain:

What may not be entirely obvious here is what to do with the Neverfail IP filter driver. Why do we still need a filter driver controlling ingress and egress traffic on primary interfaces for the vCenter hosts if we now have the VIP? VMware assures me it still plays a part, but I can tell you we have it turned off and haven’t noticed a problem yet!  :-)

Enjoy!


Ben Verghese – Incremental Steps…

My good friend Ben Verghese posted an interesting thought this week.  It is worth the short read!  –> Ben’s Post

 

A few thoughts on the post:

Attrition is a beautiful thing.

 

I say this because I believe without a doubt it is the easiest and most likely approach to cloud architecture, whether it be a public, private or hybrid cloud model. Applications and infrastructure running in our data centers today are not built to take advantage of cloud architectures, leaving us with attrition as the most likely method by which businesses will implement cloud infrastructure.

I could not agree more that companies need to think more about how they will embrace cloud and what it means to their specific business rather than how a given tool chooses to deliver cloud services. A blank sheet of paper or in many cases the infamous white board is exactly where one should start.

The “greenfield” notion is one that many of us dream of, thankfully it is one my organization gave us a chance to take head on this year. We chose the name “Clean Room” rather than “Greenfield” since we essentially carved out existing data center space into a clean room to implement a private cloud model that spans multiple data centers and redesigned infrastructure from the ground up. Many organizations will be faced with similar projects and need to ensure they check any previous infrastructure management methods at the door.

Implementing clouds is one thing, designing and hosting applications that are built for them is something entirely different. I honestly think it will be application integration with clouds that we all struggle with and it is not until we integrate applications that we reap the true benefit of cloud.

Thanks as always for sharing your thoughts Ben!

 


VMworld 2010

Greetings from somewhere 30,000 feet in the air between San Francisco, CA and Charlotte, NC. As I head out for my 6th VMworld I was pleasantly surprised to find that my flight had internet access. I was also pleased at the lack of latency on the internet connection. Very nice!

There have been plenty of posts on this year’s VMworld so I won’t bore anyone with another one, but this VMworld is shaping up to be one heck of a week. Have a great week everyone!

Charlie


VMware’s CTO Opens a Community Forum

I don’t typically blog about news but I thought this was one worth the time. VMware’s CTO, Steve Herrod, has just launched a new community forum that provides us a unique opportunity to engage directly with the members of the CTO Office. There is a wide range of discussion forums for various members of Steve’s office, including: Security, Cloud Applications Architecture, Open Standards, End User Computing, Public Sector, Emerging Devices, High Performance Computing and Management.

I would encourage you to take advantage of this opportunity and begin posting questions or discussing topics of interest.

Here is the link: http://communities.vmware.com/community/cto/

Enjoy!
