
Blog Posts


Coming to CloudCredibility.com starting Monday, May 29 through the Virtual Event, Thursday, June 8:

The VMUG Virtual Event & CloudCred Competition

Score the new VMUG 6.0 badge & be entered to WIN!


~ One Amazon Echo ~


~ Two Echo Dots ~


Check in at CloudCredibility.com Monday, May 29 for the pre-event tasks to get started.

Then, take advantage of the VMUG 6.0 Virtual Event on Thursday, June 8,

And play to WIN at CloudCred!

Guys, I wanted to share some thoughts on virtualization and the VMware hypervisor.

I have put down some of my thoughts on what I know, and also took references from various other articles to create this post.

There may be things which need to be corrected, so please share or comment with any feedback.

Many will already be aware of the stuff below, but it's purely basics, as many might also be interested in clearing up the basics first.

Let's start with virtualization. We may have heard this word so often, but sometimes it's difficult to explain its meaning to a non-techie guy or even in an interview.

 

=========================

 

What is Virtualization?

I would describe virtualization as "making something software-defined rather than physical, with the same features".

As per many articles, it's the creation of a virtual (that is, software-based, like files) rather than actual version of something, such as an operating system, a server, a storage device or network resources.

 

=========================

 

What is VMware ESXi?

ESXi stands for Elastic Sky X Integrated.

VMware ESXi is a hypervisor, which is the foundation of a virtual infrastructure. It is a kind of OS that we install on bare-metal hardware. It abstracts the hardware to create a virtual infrastructure and to consolidate and run multiple VMs on a single computer. The hypervisor provides physical hardware resources dynamically to virtual machines as needed to support their operation.

 

The hypervisor enables virtual machines to operate with a degree of independence from the underlying physical hardware.

For example, a virtual machine can be moved from one physical host to another.

Also, its virtual disks can be moved from one type of storage to another without affecting the functioning of the virtual machine

 

=========================

 

What are the Components of ESXi?

 

The footprint of ESXi is only 32 MB in size.

The VMware ESXi architecture comprises the underlying operating system, called VMkernel, and processes that run on top of it. VMkernel provides means for running all processes on the system, including management applications and agents as well as virtual machines. It has control of all hardware devices on the server and manages resources for the applications.

The main processes that run on top of VMkernel are:

• Direct Console User Interface (DCUI) — the low-level configuration and management interface, accessible through the console of the server, used primarily for initial basic configuration.

• The virtual machine monitor (VMM), which is the process that provides the execution environment for a virtual machine, as well as a helper process known as VMX. Each running virtual machine has its own VMM and VMX process.

 

Virtual Machine Executable (VMX) process - A process that runs in the VMkernel that is responsible for handling I/O to devices that are not critical to performance. The VMX is also responsible for communicating with user interfaces, snapshot managers, and remote console.

Virtual Machine Monitor (VMM) process - A process that runs in the VMkernel that is responsible for virtualizing the guest OS instructions and for managing memory. The VMM passes storage and network I/O requests to the VMkernel and passes all other requests to the VMX process. There is a VMM for each virtual CPU assigned to a virtual machine.

 

• Various agents (hostd, vpxa, syslog, etc.) used to enable high-level VMware Infrastructure management from remote applications.

• The Common Information Model (CIM) system: CIM is the interface that enables hardware-level management from remote applications via a set of standard APIs.

 

VMkernel:

VMkernel is derived from Linux but it's not actually Linux.

VMkernel is a POSIX-like (Portable Operating System Interface) operating system developed by VMware. It provides certain functionality similar to that found in other operating systems, such as process creation and control, signals, file system, and process threads. It is designed specifically to support running multiple virtual machines and provides such core functionality as:

 

• Resource scheduling

• I/O stacks

• Device drivers

 

=========================

 

How is the ESXi System Image Partitioned?

 

• A 4MB bootloader partition, which runs upon system boot up.

• A 48MB boot bank, which contains the 32MB core hypervisor code, along with a second alternate boot bank of the same size. The reason for two boot banks is explained below.

• A 540MB store partition, which holds various utilities, such as the VI Client and VMware Tools images.

• A 110MB core dump partition, which is normally empty but which can hold diagnostic information in case of a system problem.

 

 

The ESXi system has two independent banks of memory, each of which stores a full system image, as a fail-safe for applying updates. When you upgrade the system, the new version is loaded into the inactive bank of memory, and the system is set to use the updated bank when it reboots. If any problem is detected during the boot process, the system automatically boots from the previously used bank of memory. You can also intervene manually at boot time to choose which image to use for that boot, so you can back out of an update if necessary.

At any given time, there are typically two versions of VI Client and two versions of VMware Tools in the store partition, corresponding to the hypervisor versions in the two boot banks. The specific version to use is determined by which boot bank is currently active.

The core hypervisor code also can contain custom code provided by server vendors (OEMs) that provide additional functionality, such as hardware monitoring and support information. These customizations would be present, for example, if ESXi had been obtained in embedded form from the server manufacturer or if a custom version of ESXi was installed onto the hard drive. Any update to an existing ESXi installation automatically incorporates the proper update to this custom code.

 

 

=========================

 

How Does ESXi Boot Up?

The ESXi base image is essentially a compressed file. When ESXi boots, that compressed file is uncompressed into RAM.

When the system boots for the first time, the VMkernel discovers devices and selects appropriate drivers for them. It also discovers local disk drives and, if the disks are empty, formats them so they can be used to store virtual machines.

During this initial boot, the VMkernel automatically creates the configuration files using reasonable default values (for example, using DHCP to obtain network identity information). In the embedded version of ESXi, the configuration is stored in a specific part of the memory module that is both readable and writable. On subsequent reboots, the system reads the configuration from this persistent memory. In the rest of the boot process, the system is initialized and the resident file system is built in memory. The hardware drivers are loaded, the various agents are started, and finally the DCUI process is started.

 

=========================

 

Advantages and Security in Brief:

 

The ESXi architecture offers a variety of advantages over other virtualization platforms, including:

• Little state information — An ESXi system can be treated for practical purposes as a stateless compute node, with all the state information easily uploaded from a saved configuration file.

• Better security — With a small footprint and minimal interfaces, an ESXi system has a lower overall attack surface.

• Hardware-like reliability — When it is integrated into the firmware, software is much less likely to become corrupted than when it is stored on disk. The option of eliminating the local disk drive can provide even greater system reliability.

 

ESXi provides additional protection with the following features:

• Memory hardening: The ESXi kernel, user-mode applications, and executable components such as drivers and libraries are located at random, non-predictable memory addresses.

• Kernel module integrity: Digital signing ensures the integrity and authenticity of modules, drivers, and applications as they are loaded by the VMkernel.

• Trusted Platform Module (TPM): A hardware element that creates a trusted platform. This element affirms that the boot process and all drivers loaded are genuine.

 

=========================

 

Please do share your thoughts about this post. Thank you for reading.

 

Happy Learning

I got these logs

 

2017-05-17T18:21:13.052Z warning vpxd[7FC535D487A0] [Originator@6876 sub=VpxProfiler] Init [Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)] took 117827 ms

2017-05-17T18:21:13.052Z error vpxd[7FC535D487A0] [Originator@6876 sub=Main] [Init] Init failed: Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)

--> Backtrace:

-->

--> [backtrace begin] product: VMware VirtualCenter, version: 6.0.0, build: build-4541948, tag: vpxd

--> backtrace[00] libvmacore.so[0x003C6994]: Vmacore::System::Stacktrace::CaptureWork(unsigned int)

--> backtrace[01] libvmacore.so[0x001F0883]: Vmacore::System::SystemFactoryImpl::CreateQuickBacktrace(Vmacore::Ref<Vmacore::System::Backtrace>&)

--> backtrace[02] libvmacore.so[0x0019A7DD]: Vmacore::Throwable::Throwable(std::string const&)

--> backtrace[03] vpxd[0x00BCC43E]: Vmomi::Fault::SystemError::Exception::Exception(std::string const&)

--> backtrace[04] vpxd[0x00BC9EBA]

--> backtrace[05] vpxd[0x00BB6180]

--> backtrace[06] vpxd[0x00AF44E9]

--> backtrace[07] libc.so.6[0x0001EC36]

--> backtrace[08] vpxd[0x00AF3F3D]

--> [backtrace end]

-->

 

When I checked, the vCenter Server was not communicating with the external PSC. Someone removed the NIC from the PSC; added the NIC back and the issue was resolved.

Once again we are hearing about a worldwide attack using ransomware to steal money (bitcoins) and cause service unavailability or data loss. One question many companies are asking their IT department is: are we protected against this attack?

It's known that this attack, like the majority of attacks, is made possible by security bugs in Windows systems. For this reason, last month, Microsoft made a patch available to prevent this attack. But how many people have already updated their systems?

You know, it is sometimes difficult for many IT departments to find the right time to apply updates and patches, because in 99% of cases it requires a reboot, with consequent unavailability or dependency problems. To answer the protection question: if you're in a VMware farm with many Windows VMs in a domain, you can take advantage of PowerCLI to get the Windows update state of every Windows VM.

Microsoft has released a note with its KB ID: https://support.microsoft.com/en-us/help/4013389/title

 

Requirements

  • a vCenter account with enough privileges to execute a script using Invoke-VMScript
  • an Active Directory administrator account (or one with enough privileges) to execute the Get-HotFix command
  • PowerCLI (of course!)

The Script

Here is the example:

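# vCenter to connect to with Connect-VIServer before running the loop below.
$vCenter = "vcenter-ip-fqdn"
# Prompt for the guest account (e.g. DOMAIN\Administrator) instead of storing a password in the script.
$guestCred = Get-Credential -Message "Windows guest account"
# KB IDs to look for in each guest (see the Microsoft note above).
$checkHotFix = @("KB4019215","KB4012598", "KB4012216", "KB4012213", "KB4012217", "KB4012214", "KB4012215" , "KB4012212", "KB4013429" , "KB4012606", "KB4013198")

# Every VM whose guest OS is reported as Windows (VMware Tools must be running in the guest).
Foreach ($guest in (Get-VM | Get-VMGuest | Where-Object { $_.OSFullName -like "*Windows*" })) {
    $vm = $guest.VmName
    ## Test credentials
    Try {
        $result = Invoke-VMScript -VM $vm -GuestCredential $guestCred -ScriptText "[System.Environment]::OSVersion.Version" -ErrorAction Stop
    } Catch {
        Write-Host "Invalid Credentials for $vm"
        continue
    }
    Write-Host "----------------------------------"
    Write-Host "VM Name $vm"
    Write-Host "----------------------------------"

    # List the hotfix IDs installed in the guest.
    $result = Invoke-VMScript -VM $vm -GuestCredential $guestCred -ScriptText "Get-HotFix | Select 'HotFixID'"
    Foreach ($fix in $checkHotFix) {
        # ScriptOutput holds the text returned by the guest; the result object itself has no Contains method.
        if ($result.ScriptOutput.Contains($fix)) {
            Write-Host " $fix  Found"
        }
    }
    Write-Host "----------------------------------"
}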

For PowerCLI newbies: before launching the script you must connect to vCenter using the cmdlet Connect-VIServer. Hope this is useful!

With VIC, an ESXi Firewall rule has to be configured for traffic from ESXi to the Virtual Container Host (VCH).

Environment Prerequisites for VCH Deployment · VMware vSphere Integrated Containers 1.1 Documentation

With VIC 1.0, I configured this in the rather awkward way described in the post below.

ESXi Firewall Rule Configuration for vSphere Integrated Containers (VIC) 1.0.

In VIC 1.1, opening the ESXi Firewall rules that VIC needs can also be done with the vic-machine command.

So, let's open the ESXi Firewall.

I'll use the vic-machine-linux command from VIC 1.1.

[gowatana@client01 vic]$ ./vic-machine-linux version

vic-machine-linux version v1.1.0-9852-e974a51

 

This time, I'll change the firewall rule settings of the ESXi hosts in the "cluster-01" cluster of the vCenter named "vc-sv02.go-lab.jp".

With vic-machine, if you do not specify the vCenter thumbprint, you get an error like the following.

[gowatana@client01 vic]$ ./vic-machine-linux update firewall --target vc-sv02.go-lab.jp --user gowatana --allow --compute-resource cluster-01

May 16 2017 08:58:11.738+09:00 INFO  vSphere password for gowatana:

May 16 2017 08:58:15.814+09:00 INFO  ### Updating Firewall ####

May 16 2017 08:58:15.857+09:00 ERROR Failed to verify certificate for target=vc-sv02.go-lab.jp (thumbprint=70:45:F3:C7:~omitted)

May 16 2017 08:58:15.858+09:00 ERROR Update cannot continue - failed to create validator: x509: certificate signed by unknown authority

May 16 2017 08:58:15.858+09:00 ERROR --------------------

May 16 2017 08:58:15.858+09:00 ERROR vic-machine-linux update firewall failed: update firewall failed

 

Specifying the thumbprint, I set the ESXi Firewall to allow the traffic.
The settings of the 3 hosts in the specified cluster were changed.

[gowatana@client01 vic]$ ./vic-machine-linux update firewall --target vc-sv02.go-lab.jp --user gowatana --allow --compute-resource cluster-01 --thumbprint 70:45:F3:C7:~omitted

May 16 2017 08:58:44.670+09:00 INFO  vSphere password for gowatana: ★ enter the password

May 16 2017 08:58:47.196+09:00 INFO  ### Updating Firewall ####

May 16 2017 08:58:47.328+09:00 INFO  Validating target

May 16 2017 08:58:47.328+09:00 INFO  Validating compute resource

May 16 2017 08:58:47.343+09:00 INFO

May 16 2017 08:58:47.343+09:00 WARN  ### WARNING ###

May 16 2017 08:58:47.343+09:00 WARN     This command modifies the host firewall on the target machine or cluster

May 16 2017 08:58:47.343+09:00 WARN     The ruleset "vSPC" will be enabled

May 16 2017 08:58:47.343+09:00 WARN     This allows all outbound TCP traffic from the target

May 16 2017 08:58:47.343+09:00 WARN     To undo this modification use --deny

May 16 2017 08:58:47.343+09:00 INFO

May 16 2017 08:58:47.420+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-29 @ /dc02/host/cluster-01/hv-n11.go-lab.jp"

May 16 2017 08:58:47.491+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-32 @ /dc02/host/cluster-01/hv-n12.go-lab.jp"

May 16 2017 08:58:47.556+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-34 @ /dc02/host/cluster-01/hv-n13.go-lab.jp"

May 16 2017 08:58:47.556+09:00 INFO

May 16 2017 08:58:47.556+09:00 INFO  Firewall changes complete

May 16 2017 08:58:47.556+09:00 INFO  Command completed successfully

[gowatana@client01 vic]$

 

The original outbound connection rules on ESXi looked like this...

After the change, the vSPC ruleset is opened.

When I create a Virtual Container Host (VCH) after configuring the firewall, the ESXi Firewall configuration check passes.

* For name resolution reasons, vCenter is specified here by IP address (192.168.1.96).

[gowatana@client01 vic]$ ./vic-machine-linux create \

> --target 192.168.1.96 \

> --user gowatana \

> --compute-resource cluster-01 \

> --name vch02 \

> --public-network pg-vds02-0000 --bridge-network vic-bridge-02 \

> --image-store ds_nfs_219 \

> --no-tlsverify --force

May 17 2017 01:37:33.510+09:00 INFO  ### Installing VCH ####

May 17 2017 01:37:33.510+09:00 INFO  vSphere password for gowatana:

May 17 2017 01:37:36.594+09:00 WARN  Using administrative user for VCH operation - use --ops-user to improve security (see -x for advanced help)

May 17 2017 01:37:36.594+09:00 INFO  Generating self-signed certificate/key pair - private key in vch02/server-key.pem

May 17 2017 01:37:36.917+09:00 WARN  Configuring without TLS verify - certificate-based authentication disabled

May 17 2017 01:37:37.049+09:00 INFO  Validating supplied configuration

May 17 2017 01:37:37.154+09:00 INFO  vDS configuration OK on "vic-bridge-02"

May 17 2017 01:37:37.183+09:00 INFO  Firewall status: ENABLED on "/dc02/host/cluster-01/hv-n11.go-lab.jp"

May 17 2017 01:37:37.211+09:00 INFO  Firewall status: ENABLED on "/dc02/host/cluster-01/hv-n12.go-lab.jp"

May 17 2017 01:37:37.236+09:00 INFO  Firewall status: ENABLED on "/dc02/host/cluster-01/hv-n13.go-lab.jp"

May 17 2017 01:37:37.242+09:00 INFO  Firewall configuration OK on hosts:

May 17 2017 01:37:37.242+09:00 INFO     "/dc02/host/cluster-01/hv-n11.go-lab.jp"

May 17 2017 01:37:37.242+09:00 INFO     "/dc02/host/cluster-01/hv-n12.go-lab.jp"

May 17 2017 01:37:37.242+09:00 INFO     "/dc02/host/cluster-01/hv-n13.go-lab.jp"

May 17 2017 01:37:37.354+09:00 INFO  License check OK on hosts:

May 17 2017 01:37:37.354+09:00 INFO    "/dc02/host/cluster-01/hv-n11.go-lab.jp"

May 17 2017 01:37:37.354+09:00 INFO    "/dc02/host/cluster-01/hv-n12.go-lab.jp"

May 17 2017 01:37:37.354+09:00 INFO    "/dc02/host/cluster-01/hv-n13.go-lab.jp"

May 17 2017 01:37:37.357+09:00 INFO  DRS check OK on:

May 17 2017 01:37:37.357+09:00 INFO    "/dc02/host/cluster-01"

May 17 2017 01:37:37.378+09:00 INFO

May 17 2017 01:37:38.444+09:00 INFO  Creating virtual app "vch02"

May 17 2017 01:37:38.469+09:00 INFO  Creating appliance on target

May 17 2017 01:37:38.487+09:00 INFO  Network role "public" is sharing NIC with "management"

May 17 2017 01:37:38.487+09:00 INFO  Network role "client" is sharing NIC with "management"

May 17 2017 01:37:41.062+09:00 INFO  Uploading images for container

May 17 2017 01:37:41.062+09:00 INFO     "bootstrap.iso"

May 17 2017 01:37:41.062+09:00 INFO     "appliance.iso"

May 17 2017 01:37:49.197+09:00 INFO  Waiting for IP information

May 17 2017 01:38:07.152+09:00 INFO  Waiting for major appliance components to launch

May 17 2017 01:38:07.204+09:00 INFO  Obtained IP address for client interface: "192.168.1.2"

May 17 2017 01:38:07.204+09:00 INFO  Checking VCH connectivity with vSphere target

May 17 2017 01:38:07.315+09:00 INFO  vSphere API Test: https://192.168.1.96 vSphere API target responds as expected

May 17 2017 01:38:37.345+09:00 INFO  Initialization of appliance successful

May 17 2017 01:38:37.345+09:00 INFO

May 17 2017 01:38:37.345+09:00 INFO  VCH Admin Portal:

May 17 2017 01:38:37.345+09:00 INFO  https://192.168.1.2:2378

May 17 2017 01:38:37.345+09:00 INFO

May 17 2017 01:38:37.345+09:00 INFO  Published ports can be reached at:

May 17 2017 01:38:37.345+09:00 INFO  192.168.1.2

May 17 2017 01:38:37.345+09:00 INFO

May 17 2017 01:38:37.345+09:00 INFO  Docker environment variables:

May 17 2017 01:38:37.345+09:00 INFO  DOCKER_HOST=192.168.1.2:2376

May 17 2017 01:38:37.346+09:00 INFO

May 17 2017 01:38:37.346+09:00 INFO  Environment saved in vch02/vch02.env

May 17 2017 01:38:37.346+09:00 INFO

May 17 2017 01:38:37.346+09:00 INFO  Connect to docker:

May 17 2017 01:38:37.346+09:00 INFO  docker -H 192.168.1.2:2376 --tls info

May 17 2017 01:38:37.346+09:00 INFO  Installer completed successfully

[gowatana@client01 vic]$

 

For more on VIC, see these posts as well.

Trying Out vSphere Integrated Containers (VIC) 1.0.

Deploying the VIC Appliance in vSphere Integrated Containers (VIC) 1.1.

That's it for the improved ESXi Firewall configuration method in VIC 1.1.
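The vic-machine output in the post above carries several security-relevant messages (the untrusted vCenter certificate, the vSPC ruleset that allows all outbound TCP, the administrative user, the disabled TLS verification). The following is an added example, not part of the original post or of VIC itself: it scans saved vic-machine output for those messages and lists which hosts had a ruleset enabled. The finding ids, advice strings and function name are assumptions made for this example; the sample lines are copied from the output shown above.

```python
import re

# One vic-machine output line: "<Mon D YYYY HH:MM:SS.mmm+TZ> <LEVEL> <message>"
LINE_RE = re.compile(
    r"^\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{2}:\d{2} "
    r"(?P<level>INFO|WARN|ERROR)\s*(?P<msg>.*)$"
)
# Per-host confirmation printed by "update firewall --allow"
RULESET_RE = re.compile(
    r'Ruleset "(?P<ruleset>[^"]+)" enabled on host "HostSystem:[^ ]+ @ (?P<path>[^"]+)"'
)
# (finding id, level, message substring, advice); ids and advice are this example's own
RULES = [
    ("untrusted-vcenter-cert", "ERROR", "certificate signed by unknown authority",
     "confirm the vCenter thumbprint out of band before passing it with --thumbprint"),
    ("all-outbound-tcp-allowed", "WARN", "This allows all outbound TCP traffic from the target",
     "host firewall now permits all outbound TCP; revert with --deny when not needed"),
    ("admin-user-for-vch", "WARN", "Using administrative user for VCH operation",
     "give the VCH a dedicated operations account with --ops-user"),
    ("tls-verify-disabled", "WARN", "Configuring without TLS verify",
     "client certificate authentication is off; create the VCH without --no-tlsverify"),
]

# Sample lines copied from the two vic-machine runs shown in the post above.
SAMPLE = """\
May 16 2017 08:58:15.858+09:00 ERROR Update cannot continue - failed to create validator: x509: certificate signed by unknown authority
May 16 2017 08:58:47.343+09:00 WARN  ### WARNING ###
May 16 2017 08:58:47.343+09:00 WARN     This command modifies the host firewall on the target machine or cluster
May 16 2017 08:58:47.343+09:00 WARN     The ruleset "vSPC" will be enabled
May 16 2017 08:58:47.343+09:00 WARN     This allows all outbound TCP traffic from the target
May 16 2017 08:58:47.343+09:00 WARN     To undo this modification use --deny
May 16 2017 08:58:47.420+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-29 @ /dc02/host/cluster-01/hv-n11.go-lab.jp"
May 16 2017 08:58:47.491+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-32 @ /dc02/host/cluster-01/hv-n12.go-lab.jp"
May 16 2017 08:58:47.556+09:00 INFO  Ruleset "vSPC" enabled on host "HostSystem:host-34 @ /dc02/host/cluster-01/hv-n13.go-lab.jp"
May 16 2017 08:58:47.556+09:00 INFO  Firewall changes complete
May 17 2017 01:37:36.594+09:00 WARN  Using administrative user for VCH operation - use --ops-user to improve security (see -x for advanced help)
May 17 2017 01:37:36.917+09:00 WARN  Configuring without TLS verify - certificate-based authentication disabled
[gowatana@client01 vic]$
"""


def audit_vic_output(text):
    """Return the rulesets enabled per host and the security findings, in input order."""
    rulesets, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # shell prompts, typed commands and blank lines are not log lines
        level, msg = match["level"], match["msg"]
        enabled = RULESET_RE.search(msg)
        if enabled:
            rulesets.append((enabled["ruleset"], enabled["path"]))
        for finding_id, rule_level, needle, advice in RULES:
            if level == rule_level and needle in msg:
                findings.append({"id": finding_id, "line": lineno, "advice": advice})
    return {"rulesets": rulesets, "findings": findings}


if __name__ == "__main__":
    report = audit_vic_output(SAMPLE)
    for ruleset, host in report["rulesets"]:
        print(f"ruleset {ruleset} enabled on {host}")
    for finding in report["findings"]:
        print(f"line {finding['line']}: {finding['id']}: {finding['advice']}")
```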

This is the place where I blog https://andynashers.wordpress.com/

 

And my most popular post is on the Stanley VCP which I originally posted in January 2016 https://andynashers.wordpress.com/2016/01/14/is-this-the-cheepest-vcp-course-available/

 

They now have a VCP 6 install and config course and an optimise and scale course which I hope to take in the
future and will update my blog.

BFD Novice vExpert

VirtualMachinery in Virtual Machinery

Posted by BFD May 16, 2017

A place where I blog things I've found, built in the homelab, seen at a VMUG and so on...

 

VirtualMachinery

This article was originally posted on my personal blog IT Should Just Work back in 2014. In light of the recent WannaCry ransomware outbreak, a script to find these old operating systems seems particularly relevant.

Some PowerShell/ PowerCLI to find all the VMs in an ESX environment which are powered on and running Windows XP or Server 2003.

In my VMware ESX environment I have (had) a number of virtual machines still running Windows XP or Server 2003- usually performing very specific tasks or allowing access to legacy applications, but still part of the production environment. With the (not so) recent End of Support for Windows XP and the upcoming one next year for Server 2003 I need to look at each of these VMs and see if they can be upgraded or decommissioned. Listing these in the GUI is fiddly at best- I want VMs with one of these two OSes, from any datacentre and I only care about VMs which are powered on. So, PowerCLI to the rescue:

get-vm |
where {$_.PowerState -eq "PoweredOn" -and ($_.Guest -like "*Windows XP*" -or $_.Guest -like "*Server 2003*")} |
get-VMGuest |
select VmName, OSFullName

 

Sample Output:

VmName         OSFullName
------         ----------
MyServer1      Microsoft Windows Server 2003 Standard (32-bit)
MyServer2      Microsoft Windows Server 2003 Standard (32-bit)
MyServer3      Microsoft Windows Server 2003 Standard (32-bit)
MyXPVM1        Microsoft Windows XP Professional (32-bit)
MyXPVM2        Microsoft Windows XP Professional (32-bit)

 

Not the most complicated piece of scripting, but it’s answered my question and I can refer back to it as upgrades continue to see what systems remain.

In my case we have 1 VC (Windows-based) with 2 PSCs (appliances), and we suddenly got these errors:

 

 

Cannot synchronize host (host name) License not available to perform the operation.

 

Cannot complete the license assignment operation cannot assign a license to "Host" XXX Make sure the License Service is available

 

Investigation: I found there was a time issue between the PSC and the VC.

Solution: Correct the time on the PSC and restart vpxd; the issue got resolved.

 

 

 

 

 

vSphere Integrated Containers (VIC) 1.1 has been released.

VMware vSphere Integrated Containers 1.1 Release Notes

In VIC 1.1, the way the software is delivered has changed from 1.0: the following 3 components, which used to be separate, are now bundled into a single virtual appliance (vSphere Integrated Containers Appliance).

  • VMware vSphere Integrated Containers Engine 1.1
  • VMware vSphere Integrated Containers Registry 1.1 (harbor)
  • VMware vSphere Integrated Containers Management Portal 1.1 (admiral)

So, I deployed the VIC Appliance to vCenter.

The virtual appliance's ova file is downloaded from MyVMware.

Download VMware vSphere Integrated Containers 1.1.0

https://my.vmware.com/en/web/vmware/details?downloadGroup=VIC110&productId=614

The manual is around here.

Deploy the Appliance · VMware vSphere Integrated Containers 1.1 Documentation

 

 

Deploying the VIC Appliance.

This time, I am deploying to vCenter Server Appliance 6.5 d.

In the vSphere Web Client, right-click the destination cluster and choose "Deploy OVF Template".

Select the downloaded .ova file.

This time I am using a file named vic-v1.1.0-bf760ea2.ova.

Enter a name for the virtual appliance to be deployed.
Also specify the deployment location in the vCenter inventory.

* This time I specified a virtual machine folder named "lab".

Select the destination resource.

* This time I specified a DRS-enabled cluster named "vsan-cluster-01".

This is the virtual appliance information. With thin provisioning, it is a little under 5 GB.

This is the license agreement.

Select a datastore.

The default is "Thick Provision (Lazy Zeroed)", but this time I chose "Thin Provision".

I selected a datastore named "vsanDatastore-01".

Incidentally, when starting Docker containers with VIC you can use vSAN for Docker Volumes, but that has nothing in particular to do with placing the VIC Appliance on vSAN.

Select a port group.

A Virtual Container Host (VCH) created with VIC requires a distributed port group on a vDS, but the VIC Appliance can also be deployed on a standard port group on a vSS.

Under Appliance Security, enter the Root Password for the VIC Appliance.

Under Networking Properties, enter network settings such as the IP address.

"2.6. FQDN" is later used for the Registry / Management Portal links in the Web UI, so it is a good idea to enter a name that can actually be resolved via DNS, a hosts file or similar.

Under Registry Configuration, enter the Registry admin password and the DB password.

* Items other than the passwords can be left at their defaults for deployment.

Items not visible in the screenshot let you enable/disable Registry Garbage Collection and specify an SSL Cert / SSL Cert Key.

I left Management Portal Configuration at its defaults this time.

I also left Fileserver Configuration at its defaults this time.

Finally, review the values entered so far.

Once the VIC Appliance deployment completes, power on the VM manually.

The VIC Appliance has started.

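Accessing the VIC Appliance.

Accessing TCP port 9443 of the appliance over HTTPS from a web browser lets you download the VIC command-line tools and the Web Client Plug-in files.

* In this environment, the FQDN specified when deploying the VIC Appliance has already been made resolvable.

These can also be downloaded from Linux and the like with the curl command.

As a test, I downloaded them from an arbitrary Linux machine.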

[gowatana@client01 ~]$ cat /etc/oracle-release

Oracle Linux Server release 7.3

[gowatana@client01 ~]$ mkdir work

[gowatana@client01 ~]$ cd work/

 

Accessing port 9443 with curl, just as with a web browser, returns a simple response that is easy to read by eye.

[gowatana@client01 work]$ curl -k https://vic01.go-lab.jp:9443/

<pre>

<a href="com.vmware.vic-v1.1.0.zip">com.vmware.vic-v1.1.0.zip</a>

<a href="com.vmware.vic.ui-v1.1.0.zip">com.vmware.vic.ui-v1.1.0.zip</a>

<a href="vic_1.1.0.tar.gz">vic_1.1.0.tar.gz</a>

</pre>

 

Let's download the vic command-line tools with curl.

[gowatana@client01 work]$ curl -ks https://vic01.go-lab.jp:9443/vic_1.1.0.tar.gz -o vic_1.1.0.tar.gz

[gowatana@client01 work]$ tar zxf vic_1.1.0.tar.gz

[gowatana@client01 work]$ ls vic/

LICENSE  appliance.iso  ui                  vic-machine-linux        vic-ui-darwin  vic-ui-windows.exe

README   bootstrap.iso  vic-machine-darwin  vic-machine-windows.exe  vic-ui-linux

 

As you can see, the vic-machine command, which was provided separately in VIC 1.0, is also bundled with the VIC Appliance.

[gowatana@client01 work]$ cd vic/

[gowatana@client01 vic]$ ./vic-machine-linux help

NAME:

   vic-machine-linux - Create and manage Virtual Container Hosts

USAGE:

   vic-machine-linux [global options] command [command options] [arguments...]

VERSION:

   v1.1.0-9852-e974a51

COMMANDS:

     create   Deploy VCH

     delete   Delete VCH and associated resources

     ls       List VCHs

     inspect  Inspect VCH

     upgrade  Upgrade VCH to latest version

     version  Show VIC version information

     debug    Debug VCH

     update   Modify configuration

     help, h  Shows a list of commands or help for one command

 

GLOBAL OPTIONS:

   --help, -h     show help

   --version, -v  print the version

 

Accessing TCP port 443 over HTTPS shows the Registry (Harbor) screen.

You can log in to this Web UI with admin and the password specified at deployment.

* Port 443 is not shown in the address because of how the web browser displays it.

Accessing TCP port 8282 over HTTPS shows the VIC Management Portal (Admiral) screen.
Surprisingly, the top page is in Japanese.

The version only went up by ".1", but I felt it is starting to look like a real product.

And the subsequent steps, from creating a VCH to starting Docker containers, look like this.

Trying Out vSphere Integrated Containers (VIC) 1.0.

That's it for deploying the VIC Appliance of VIC 1.1.

This guide provides a step-by-step process to configure Workspace ONE to authenticate via SAML Just-in-Time Provisioning with a Google Directory.

User provisioning is done just-in-time during user authentication.

 

The end-result will have a user (that doesn't initially exist in VMware Identity Manager Users list) get provisioned in the VMware Identity Manager tenant:

  1. User either: (a) navigates to the WS1 tenant via URL, or (b) downloads the WS1 App and enters the Tenant URL.
  2. The app presents Google's SAML Authentication screen (note that the user should not see the VMware Identity Manager sign-in screen). User enters username and password.
  3. Upon successful login, user is presented with Catalog.
  4. User gets provisioned in VMware Identity Manager Directory.

 

Configuration Steps

 

The attached PDF includes screenshots to assist the configuration steps.

 

  1. Collect required information from VMware Identity Manager tenant

    1. Save User Attributes values that need to be pulled in, such as: userName, firstName, lastName, email.
    2. Under Catalog > Settings > SAML Metadata, click on “Service Provider (SP) metadata.” Save the following data from the XML:
        1. ACS URL: Find this value under Location="ACSURL" next to AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        2. Entity ID: Find this value in the first line, under EntityID="EntityID"
  2. Create a SAML App in the Google Admin Console

    1. Login to admin.google.com, go to Apps > SAML apps > Enable SSO for a SAML Application.
    2. Click Setup my Own Custom App.
    3. Under Option 2, click Download IDP Metadata
    4. Enter an Application Name and Description (optional)
    5. Enter Service Provider details:
      1. ACS URL and Entity ID from Step 1.
      2. NameID = Primary Email, NameIDFormat = Email
    6. Edit the Attribute Mapping to pull in certain user values, such as firstName, lastName, email, etc.
      1. Make sure these values match the User Attributes in VMware Identity tenant under Identity & Access Management > Setup > User Attributes.
      2. Required field is: userName
    7. Ensure the SAML Application is ON for your set of users.
  3. Follow the steps in VMware Identity Manager Administration Guide > Just-in-Time User Provisioning > Configuring Just-in-Time User Provisioning.

    1. Create a Third-Party IdP under Identity & Access Management > Identity Providers.
    2. Copy the IDP Metadata that was downloaded from the Google Admin Console in Step 2, and Paste it under SAML Metadata.
    3. Click Process IdP Metadata.
    4. Set NameIDFormat as urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, set NameIDValue as username
    5. Set NameIDPolicy as urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    6. Enable the Just-in-Time User Provisioning. Enter Domain from the GSuite Application.
    7. Give the Authentication Method an identifiable name, then set SAML Context as urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    8. Save
  4. Configure the Policies to use the Authentication Method from the IdP that was created in Step 3

     

    Once complete, a user that does not exist in VMware Identity Manager Directory should be able to authenticate through WorkspaceONE login, and get provisioned into the VMware Identity Manager Directory.
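Step 1 of the guide above has you read the Entity ID and the HTTP-POST ACS URL out of the Service Provider metadata by hand. The following is an added example, not part of the original guide or of VMware Identity Manager: it extracts both values from SP metadata XML and refuses metadata that has no HTTP-POST endpoint or a non-HTTPS ACS URL. The function name is an assumption, and the sample metadata is constructed, with a placeholder host name and paths rather than a real tenant's.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"          # SAML 2.0 metadata namespace
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata: tenant.example.com and the paths are placeholders.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://tenant.example.com/sp-metadata.xml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://tenant.example.com/acs/artifact"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tenant.example.com/acs/post"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def extract_sp_values(xml_text):
    """Return the Entity ID and HTTP-POST ACS URL to enter in the Google SAML app."""
    # SAML metadata never needs a DTD; rejecting one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")

    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")

    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")

    # Several ACS endpoints may be listed; the guide asks for the HTTP-POST one.
    post_urls = [
        acs.get("Location")
        for acs in root.iter(MD + "AssertionConsumerService")
        if acs.get("Binding") == HTTP_POST
    ]
    if not post_urls or not post_urls[0]:
        raise ValueError("no AssertionConsumerService with the HTTP-POST binding")

    acs_url = post_urls[0]
    parsed = urlparse(acs_url)
    # The IdP posts the signed assertion to this URL, so it must be HTTPS.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("ACS URL is not an absolute https URL: " + acs_url)

    return {"entity_id": entity_id, "acs_url": acs_url}


if __name__ == "__main__":
    values = extract_sp_values(SAMPLE_SP_METADATA)
    print("Entity ID:", values["entity_id"])
    print("ACS URL:  ", values["acs_url"])
```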

     

    FROM THE EDITORS VIRTUAL DESK
    Hi TAM Newsletter readers. There has been a lot going on over the past few weeks with new and updated releases and other items which we have been bringing to our customers' attention. This week I want to point your attention to our wonderful TAM Blog and the latest post entitled "VMware Compatibility and Order of Upgrade Best Practices Review". This is a very important topic, and as many of our TAM customers are upgrading their infrastructure to the latest or later editions of vSphere, now is a great time to consult with your TAM on the path that is best to take for your unique situation. This is a really great blog post and I urge you to take a look at it.

     

    I hope you enjoy all of the news in this week's newsletter, from general VMware updates to our VMUG partners and more.

     

    Have a fantastic week everyone.

     

    Virtually Yours
    Neil Isserow | VMware TAM Team


     

    NEWS AND DEVELOPMENTS FROM VMWARE
    Secure Boot for ESXi 6.5 – Hypervisor Assurance
    I’ve talked about how vSphere has been moving towards a “secure by default” stance over the past few years. This can clearly be seen in the new vSphere 6.5 Security Configuration Guide where the number of “hardening” steps are growing smaller with every release. In this blog post we will go over ...

     

    AI – An Important Workload for the New IT
    When I meet with customers, I often hear that Artificial Intelligence (AI) is presented as “machines making decisions for businesses or individuals,” but my take is that AI is a tool to help people make better decisions. AI helps us connect the dots across huge data sets and gain insights to solv...

     

    Top 20 vCenter Server articles for April 2017
    vmware-dataservice-sca and vsphere-client status change from green to yellow /storage/log directory is full in vCenter Server Appliance 6.0 Purging old data from the database used by vCenter Server Unable to log into the root account of vCenter Server Appliance “Failed to verify the SSL certifica...

     

    Top 20 NSX articles for April 2017
    ESXi 5.5 and 6.0 hosts fail with a PSOD: VMCIEventDelayedDispatchCB@com Downloading and enabling VMware vShield Endpoint 5.x on supported VMware vSphere platforms Network ports required to access vCenter Server, ESXi, and ESX hosts vCenter Server certificate validation error for external solution...

     

    Top 20 vSAN articles for April 2017
    Update sequence for vSphere 6.5 and its compatible VMware products Component metadata health check fails with invalid state error Powering on virtual machines in VMware vSAN 5.5 fails with error: Failed to create swap file vSAN host may encounter a purple diagnostic screen during performance stat...

     

    Top 20 vRealize Automation articles for April 2017
    Update sequence for vSphere 6.5 and its compatible VMware products Update sequence for vSphere 6.0 and its compatible VMware products How to use JXplorer to update the LDAP string for an identity source for vRA 6.0.x, 6.1.x Directory sync in vRA 7.x fails with error ‘Connector Communication faile...

     

    Top 20 vRealize Operations Manager articles for April 2017
    Update sequence for vSphere 6.5 and its compatible VMware products Resetting the Administrator password in vRealize Operations Manager 5.x and 6.x Collecting diagnostic information from vRealize Operations Manager 6.x Update sequence for vSphere 6.0 and its compatible VMware products Enabling SSH...

     

    Top 20 Horizon View articles for April 2017
    Provisioning or recomposing a linked clone desktop pool fails Restart order of the View environment to clear ADLDS (ADAM) synchronization in Horizon View Removing invalid linked clone entries automatically using the ViewDBChk tool in VMware Horizon View 5.3 and later versions VMware View ports an...

     

    Top 20 vRealize Log Insight articles for April 2017
    Update sequence for vSphere 6.5 and its compatible VMware products FAQ: Log Insight for vCenter Server Authentication with Active Directory is slow in VMware vRealize LogInsight 3.0 when users belong to multiple nested groups Log Insight load balancer incompatible with NSX Distributed Firewall Pr...

     

    Top 20 ESXi articles for April 2017
    ESXi host fails with PSOD when using Intel Xeon Processor E5 v4, E7 v4, and D-1500 families ESXi host fails with intermittent NMI PSOD on HP ProLiant Gen8 servers Unable to power off the virtual machine in an ESXi host Recreating a missing virtual machine disk descriptor file Permanent Device Los...

     

    New KB articles published for week ending 29th April 2017
    VMware App Volumes Excluding files and locations from Writable Volumes Published Date: 2017/04/23 VMware ESXi Hosts fails with a purple diagnostic screen when retrieving flows for ALG enabled protocols Published Date: 2017/04/24 VMware ESXi 5.5 & 6.0 may fail with PSOD when IPFIX is disabled Publ...

     

    ‘May the 4th Be with You’ on Your Journey to the Cloud
    The public cloud has stepped out of the shadows and stretched across the solar system as organizations scale their usage of it to extend on-premises infrastructure, consolidate or migrate data centers, and support dynamic capacity requirements.   But many organizations also run apps and manage on...

     

    Oracle Database 12c on VMware vSAN — Day 2 Operations and Management
    Oracle Database 12c on VMware vSAN — Day 2 Operations and Management Customers deploying production Oracle workloads have stringent requirements to support and maintain critical database operational tasks such as Backup and Recovery, Cloning, Data Refresh for Development/Test environment and Patc...

     

    Partner Spotlight: NTT’s Virtual Infrastructure Makes the Switch to the Public Cloud Even Easier
    These days, every company has cloud adoption square in their sights. And frankly, it’s a matter of survival . But making the switch to the public cloud is difficult, weighted by legacy systems and incompatible architecture. Fortunately, virtualization may hold the key to success.   In the latest ...

     

    The NSX Mindset
    The NSX Mindset: one’s mental capability to be a determined leader and catalyst for change in the way a company designs, implements, manages, and operates networking and security. Change isn’t easy. Especially when it involves something personal. Unfortunately, though, it happens whether we like ...

     

    Dogfooding the Cloud: How VMware Used vCloud Director to Consolidate Internal IT
    By Tina Cressia-Thomas   In Silicon Valley, it’s common to hear of companies, “dogfooding” their product – using their own product internally – to quickly iterate and develop a better user experience before releasing to customers. There’s plenty of famous examples ; however, it’s not every day yo...

     

    Apple Takes the Wearables Lead, Decoding Win10 S, Internet 4.0 & More Top Mobile News
    Sorry, Fitbit, there’s a new sheriff in town. With nearly 60% growth in shipments in Q1 this year, Apple Watch officially became the king of the consumer wearables castle, according to CNBC . Fitbit, which was the long-time market leader, dropped to second after a 35% decline in Q1. Get the mobil...

     

    Top EUC News: Password Misery, Windows 10 S & Dell EMC World, Oh My!
    Here’s the first edition of our new series, top end-user computing (EUC) news! Sign up at the top of this page to get the weekly newsletter in your inbox every Friday. The password is … We released the results of a new VMware survey this week that revealed companies’ top 10 identity and access ma...

     

    3 Ways Industry 4.0 & Wearables Revolutionize Supply Chains Today
    At ProMat 2017, the largest material handling, logistics and supply chain show and conference in North and South America, “Industry 4.0” was THE hot topic. But what exactly is Industry 4.0 and how will it revolutionize supply chains? According to Markus Lorenz , partner and managing director at B...

     

    Building Great Technology Starts with Building a Great Team, Part 1
    Follow the VMware UX Series. Here at VMware AirWatch , we work hard to create a progressive culture that promotes cross-functional collaboration and fosters a strong drive to execute effectively. Last year, Tony Keuh saw an opportunity for our engineering, user experience (UX) and marketing teams...

     

    Decoding Windows 10 S & How to Make It a Success in Your Organization
    There’s little doubt that Windows 10 adoption is on a roll— 400+ million devices and 54% of global organizations are running Microsoft’s latest operating system (OS). It’s only about a month since the third major upgrade ( Creators Update /v1703) was launched, and Microsoft is continuing to ride ...

     

    10 Reasons Why Enabling More than Secure Email for Mobile Workers Is So Hard
    Get the 10 reasons in this free eBook. Securely enabling more than email for mobile workers is hard. You know it. We know it. The question thus far is why it’s so hard. IT gives workers the secure work apps they need to securely work from anywhere. Yet for reasons mostly unknown, workers do not a...

     

    New Research: Top 10 Identity and Access Management Challenges
    As organizations undergo digital transformation, they experience challenges along the way. This is due to the fact that this transformation often requires them to update and/or replace legacy solutions. They also have to implement new ways of securing access from the plethora of devices out there...

     

    Azure AD Join with VMware Workspace ONE
    Secure, timely support for remote Windows users can be tricky. Imagine your top remote sales rep breaks her laptop before an onsite meeting with a vital client. Does she have time to wait for IT to grab a new laptop, Domain Join it for secure access to corporate resources and then ship it out? Ev...

     

    VMware AirWatch – NSX Integration
    Integrate VMware AirWatch Enterprise Mobility Management with VMware NSX Network Virtualization and Security Platform to extend security policies from the data center to mobile application endpoints. VMware AirWatch – NSX Integration brings speed and simplicity to networking and micro-segmentatio...
    May 1, 2017 3:00:24 PM

     

    EXTERNAL NEWS FROM 3RD PARTY BLOGGERS
    Virtually Speaking Podcast: VMW Cloud on AWS
    I was on vacation the past two weeks, yesterday I got a message from Frank Denneman and Pete Flecha if I had some time available. I was working in my backyard so dropped my tools and hopped on. Apparently John was sick, so I took his spot and here’s the result. Interesting...

     

    x509 error logging into harbor registry via VIC VCH
    In my last post, I showed some of the new command line functionality associated with deploying out a new Virtual Container Host (VCH) with vSphere Integrated Containers (VIC) . I also highlighted how VIC now includes both Admiral for container orchestration via templates and the harbor registry i...

     

    VMware PowerCLI 6.5.1 Installation Walkthrough
    VMware PowerCLI 6.5.1 introduces a new installation method to users. This new method pulls directly from the PowerShell Gallery

     

    Correlating vSAN perf metrics from vSphere Web Client to both PowerCLI & vSAN Mgmt API
    While going through the PowerCLI 6.5.1 release notes last week, in addition to the new Get-VsanView cmdlet which exposes the complete vSAN Management API through PowerCLI, I had learned that we had also released a new Get-VsanStat cmdlet. This new cmdlet allows customers to easily retrieve the va...

     

    vSAN 6.6: Manual vs Automatic Disk Claim Mode
    I received this question on Manual vs Automatic disk claim mode in vSAN 6.6. Someone upgraded a cluster from 6.2 to 6.6 and wanted to add a second cluster. They noticed that during the creation of the new cluster there was no option to select “automatic vs manual”. I think...

     

    VMware Validated Design (VVD) & VMware Cloud Foundation (VCF) Quick References
    The other day, I had a customer ask about the latest version of the Ports and Protocols document that was put together by the VMware Validated Design (VVD) team which does a fantastic job of outlining all the connectivity between the products used within the VVD SDDC. It actually took me awhile t...

     

    Getting started with VIC v1.1
    VMware recently released vSphere Integrated Containers v1.1. I got an opportunity recently to give it a whirl. While I’ve done quite a bit of work with VIC in the past , a number of things have changed, especially in the command line. What I’ve decided to do in the post is highlight some of the ne...

     

    vSAN Deep Dive
    This session covers basic to advanced vSAN topics. Watch this video if you want to learn the basics and a few of the advanced areas of vSAN.

     

    Welcoming PowerCLI to the PowerShell Gallery
    While I’ve always enjoyed using VMware’s PowerCLI module for PowerShell, it has been a bit annoying having to navigate to the official VMware site, log in, download the bits, agree to terms, and do a thick installation on every workstation or server that needs the code. Which is why I’m quite hap...

     

    Dell EMC World 2017–here we come!
    We are 6 days away from getting together at #DellEMCWorld 2017 with 12,000+ of our closest friends, customers, and partners.   I love that I can say “don’t just listen to me, here’s what attendees say” (click on the below for a LOT more)! So what should you expect?   Product announcements, 3 gene...

     

    Can I front vSAN with a VAIO Caching Solution?
    I had this question a couple of times already, so I figured I would write a quick post. In short: yes you can put a VAIO Filter in front of vSAN. The question really is, which one would you like to use and why? First of all, the VAIO Filter needs to be certified to be plac...

     

    DISCLAIMER
    While I do my best to publish unbiased information specifically related to VMware solutions there is always the possibility of blog posts that are unrelated, competitive or potentially conflicting that may creep into the newsletter. I apologize for this in advance if I offend anyone and do my best to ensure this does not happen. Please get in touch if you feel any inappropriate material has been published. All information in this newsletter is copyright of the original author. If you are an author and wish to no longer be used in this newsletter please get in touch.

    © 2017 VMware Inc. All rights reserved.



    FROM THE EDITORS VIRTUAL DESK
    Hi everyone, this week I bring you news regarding VMworld and TAM Day, an event that we hold every year for our TAM Customers. We are still a few months away from VMworld; however, as is customary, TAM Day filled up pretty fast and we want to make sure that you are aware of this event if you are planning on attending VMworld this year. If you are intending on going to VMworld, this is a not-to-be-missed day focused around the needs of our TAM customers, and a great opportunity to hear first hand from many VMware leaders prior to the actual event itself. So if this is interesting to you, then please reach out to your VMware TAM and they can assist you with how to register for TAM Day to ensure that you do not miss a thing.

    This past week I was also privileged to attend my local VMUG. If you haven't been to a VMUG before or for a while, I suggest you check them out online at www.vmug.com and register to get updates for your local VMUG as well as the many excellent online events that they produce. We also keep a handy link in every newsletter below of the upcoming VMUG webcasts.


    I wish you a fantastic week ahead and look forward to the next edition of the TAM Newsletter. In the meantime please enjoy this week's newsletter and all of its goodness.

    Virtually Yours
    Neil Isserow | VMware TAM Team



    NEWS AND DEVELOPMENTS FROM VMWARE
    Understanding How Host Profiles Handles Host-Specific Configuration Settings Through Customizations
    Host Profiles is an advanced capability of VMware vSphere that provides for configuration and compliance checking of multiple VMware ESXi hosts. Although a profile can be attached directly to a single host in vCenter Server, typically, a profile is attached to a vSphere cluster, where all the hos...

    Virtual Network Provisioning via the Hypervisor
    We’ve shared other resources with you before that discuss what network virtualization is and the essential of micro-segmentation . Today, we’re taking a look at provisioning virtual networks. According to our free whitepaper Network Virtualization Makes Your Life Easier : Virtual networks can be ...

    New KB articles published for week ending 22nd April 2017
    VMware ESXi “AddVirtualMachine: VM ‘XX’ already registered” warnings keep logging into hostd.log Published Date: 2017/04/18 Platform Erratum messages related to USB controller may be observed on Intel Platforms Published Date: 2017/04/20 The DCUI sometimes displays less memory than is available o...

    vRealize Network Insight, NSX and Palo Alto Networks for micro-segmentation
      Data Center cyber security is a fast-moving target where the IT teams need to constantly stay ahead of those that wish to do evil things. As security attacks can come from all directions, externally, and internally as well, the IT teams must fortify all the data, with a zero-trust security appr...

    The Public Cloud: The True Next Step in Modern Data Center Control and Evolution
    After virtualization itself, the public cloud is considered the natural second step in helping both private and public organizations protect, extend, and replace existing data center infrastructure. And spending trends indicate that many enterprises are keen to jump on the public cloud bandwagon....

    White Paper: Aligning vRealize Operations with Business Outcomes
    by Peter Tymbel Over the past few years, I have been designing, deploying, and customizing vRealize Operations (vROps) Manager for many VMware customers. Working with different clients, I noticed a common theme emerge among various business and IT leaders. Many customers are looking for IT report...

    vTechTalk: Disaster Recovery to the Cloud and VMware vCloud Air Network
    The VMware vCloud® Air™ Network is a global network of over 4000 service providers in 116 countries. Together, these providers distribute and deploy over 3 million VMs! It’s an unbelievable scale, but what does this mean for users?   It means giving users the cloud solutions they need at the ente...

    Understanding Layer 2 Extensions for the Hybrid Cloud
    By Trey Tyler, Sr. Solutions Strategist Taking a VLAN and extending that broadcast domain across two sites can be identified by many names including; Data Center Interconnect (DCI), Data Center Extension (DCE), Extended Layer 2 Network, Stretched Layer 2 Network, Stretched VLAN, Extended VLAN, St...

    Revera Delivers Self-Served Excellence with vCloud Director®
    By Tina Cressia-Thomas, Senior Product Marketing Manager for vCloud Director     When Revera, a New Zealand-based IT Infrastructure and Platform Services company, needed to supply cloud IT services to government agencies they turned to VMware. With the aid of VMware’s vCloud Director cloud manage...

    In Top Mobile News: Windows 10 Smartwatches & Android-Supported Laptops
    Windows 10 smartwatches come to the enterprise. It’s 1.54 inches, runs Universal Windows Applications, secure and built to “survive a hard day at work,” said Microsoft . The TrekStor IoT Wearable runs on Windows 10 IoT Core, a version of Windows 10 for the Internet of Things. Microsoft will revea...

    Silent Mobile Threat: How Apps Steal Your Data
    Do your personal mobile apps steal data from you, with or without your consent? On the business side, does this mobile surveillance put your company’s data at risk? Read this insightful guest blog from Appthority Co-Founder and President Domingo Guerra. It seems like a fair trade: Get your favori...

    New Video! Simplifying App Access & Management with VMware Workspace ONE
    In today’s mobile cloud world, it’s all about the apps. Apps are what help your workforce be productive and successful. Unfortunately, employees do not often use the apps their company provides. Studies have shown that with each extra step required for onboarding a new app, you lose 7% of your us...

    Experience High-Performance Graphics with Free NVIDIA GRID & VMware Blast Extreme Test Drive
    It can be quite challenging for IT administrators to provide great user experience for high-performance desktops remotely. With VMware Blast Extreme and its new adaptive transport capabilities, we made this possible. With all the excitement a few weeks ago around the announcement of VMware Horizo...

    VMworld 2017 Registration Is Open: Here’s What EUC Experts Can Expect
    Registration is open for VMworld 2017 . For VMware EUC customers and experts, this is a once-in-a-lifetime experience you won’t want to miss. Experience End-User Computing (EUC) at VMworld Date: Aug. 27-31 Location: Las Vegas | Mandalay Bay Hotel & Convention Center Get connected with EUC subject...

    Exclusive AirWatch Experience at VMworld 2017: Your Ticket Awaits!
    Registration is open for VMworld 2017 . For VMware AirWatch customers and experts, this is a once-in-a-lifetime experience you won’t want to miss. Experience End-User Computing (EUC) at VMworld Date: Aug. 27-31 Location: Las Vegas | Mandalay Bay Hotel & Convention Center Get connected with EUC su...

    Better Together: VMware Workspace ONE & Office 365
    Consider this: when it comes to securing enterprise applications, you might not have the whole story. You may have heard that an application-only security framework for Office 365 provides adequate protection. However, unless you secure the entire endpoint, applications face security risks. VMwar...

    EXTERNAL NEWS FROM 3RD PARTY BLOGGERS
    vSAN and Predictive DRS, Network-Aware DRS and Proactive HA
    vSphere 6.5 saw the release of a number of improvements in the areas of DRS. I won’t detail all of the improvements here, since my colleague Brian Graf has done a great job of describing the features in a number of different blog posts. He discussed Network-Aware DRS here , Predictive DRS here an...

    Latest Fling from VMware Labs - ESXi Learnswitch
    ESXi Learnswitch is a complete implementation of MAC Learning and Filtering and is designed as a wrapper around the host virtual switch. It supports learning multiple source MAC addresses on virtual network interface cards (vNIC) and filters packets from egressing the wrong port based on destinat...

    New Technical White Paper - VMware vSAN Network Design
    vSAN is a hypervisor-converged, software-defined storage solution for the software-defined data center. It is the first policy-driven storage product designed for VMware vSphere environments that simplifies and streamlines storage provisioning and management. vSAN is a distributed, shared storage...

    Where’s the HA enforce VM-Host and Affinity rules option in vSphere 6.5?
    Last week on (VMware internal) Socialcast someone asked where the UI option is in vSphere 6.5 that allows you to enable the ability for vSphere HA to respect VM-Host Affinity and VM-VM Anti Affinity rules. In vSphere 6.0 there is an option in the Rules part of the UI as sh...

    Norway VMware User Group Meetings – May/June 2017
    I’m delighted to report that I’ve been invited to speak at the upcoming Norway VMUG (VMware User Group) meetings. These take place in three different cities over the week of May 29th (week 22), with three meetings in three days. On Tuesday, May 30th, the Oslo VMUG will take place. On May 31st, it...

    ESXi Learnswitch – Enhancement to the ESXi MAC Learn DvFilter
    The ESXi MAC Learn dvFilter Fling was released a little over two years ago and it has become a must have when it comes to running our ESXi Hypervisor within a VM, also referred to as Nested ESXi. The reason this Fling has become such a popular hit amongst our customers and partners is that […]

    Managing & silencing vSAN Health Checks using PowerCLI
    One neat capability that was introduced with vSAN 6.6 is the ability to "silence" and disable specific vSAN Health Checks. A recent use for this came up on Duncan's blog where the vMotion health check would fail if you are using a vMotion network stack. As you can imagine, this feature can also c...

    Free e-learning course - VMware vSphere: What's New Fundamentals [V6.0 to V6.5]
    This course highlights the new features and enhancements in vSphere 6.5. It also presents use cases that describe how the new features align with customer needs. This course begins by discussing VMware vCenter and VMware vSphere administration. To simplify what’s new in vSphere 6.5, we can break ...


    How to Manage VCSA 6.5 Embedded Postgres Database using pgAdmin (With GUI)

     

    The default database for vCenter Server Appliance 6.5 and Windows-based vCenter Server 6.5 is Postgres. Most VMware administrators are more comfortable managing Microsoft SQL Server with GUI-based database management tools. With the default embedded database of vCenter Server Appliance 6.5, you either manage the Postgres database from the command line or use a third-party Postgres database management tool such as pgAdmin. pgAdmin allows you to manage the vCenter Server Appliance 6.5 embedded Postgres database via a GUI. This article discusses how to manage the vCSA 6.5 embedded Postgres database using pgAdmin.


    pgAdmin is available for Windows, Linux and Mac OS. I am going to install pgAdmin on a Windows server, so download pgAdmin for Windows. Once the download is complete, start the pgAdmin installation. Click Next to continue.


    Follow the wizard instructions, and click Finish to complete the installation.


    Before we start managing the Postgres database using pgAdmin, we need the Postgres database connection information. Take a look at how to interact with the VCSA 6.5 embedded vPostgres database. Connect to the VCSA 6.5 using SSH and log in with root credentials. Execute the command below in the bash shell to get the embedded Postgres database configuration information:

     

     

    cat /etc/vmware-vpx/embedded_db.cfg

     

    It displays the embedded database configuration information such as DB type, DB server name, DB port, DB instance name, DB user name and also the PG user password in quotes. This information is needed when you manage and troubleshoot the VCSA 6.5 embedded vPostgres database from outside the server.


    Before managing the embedded database using pgAdmin, make sure you have configured your vCenter Server Appliance firewall to manage the VCSA 6.5 Postgres database remotely. Once you are done with the firewall configuration, open the pgAdmin console. Right-click Servers -> Create -> Server.


     

    Enter the vCenter Server FQDN hostname or IP address in the General tab.


    Click the Connection tab and enter the connection information copied from the VCSA database configuration information. Copy the username and password from the embedded database configuration information. Click Save.


    That’s it. We have connected to the VCSA 6.5 embedded database using pgAdmin. Now you can manage the embedded database via a GUI, similar to your SQL management.
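The configuration output from the `cat` step holds the database password in clear text, so it is worth redacting before it is pasted into a ticket or chat. The following added example (not part of the original article) parses that KEY='value' output, redacts secrets, and lists the values to type into pgAdmin's connection dialog. The sample file content is constructed, and its key names, the function names and `vcsa.example.test` are assumptions to check against your own appliance.

```python
import shlex

# Any key containing one of these markers is treated as a secret.
SECRET_MARKERS = ("PASSWORD", "PASSWD", "SECRET")

# Constructed sample. The key names are assumptions and the values are made up;
# compare them with the output of the cat command on your own appliance.
SAMPLE_CFG = """\
EMB_DB_TYPE='PostgreSQL'
EMB_DB_SERVER='localhost'
EMB_DB_PORT='5432'
EMB_DB_INSTANCE='VCDB'
EMB_DB_USER='vc'
PGUSER_PASSWORD='constructed-not-a-real-secret'
"""


def parse_cfg(text):
    """Parse shell-style KEY='value' lines into a dict, stripping the quotes."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected KEY=value")
        # shlex removes the surrounding quotes the same way a shell would and
        # raises ValueError on an unbalanced quote.
        settings[key.strip()] = " ".join(shlex.split(value))
    return settings


def is_secret(key):
    return any(marker in key.upper() for marker in SECRET_MARKERS)


def redact(settings):
    """Copy of the settings that is safe to paste into a ticket or chat."""
    return {k: ("<redacted>" if is_secret(k) else v) for k, v in settings.items()}


def pgadmin_fields(settings, appliance_fqdn):
    """Values for pgAdmin's server dialog, taken from the parsed settings.

    The file describes the database as seen from the appliance itself
    (server 'localhost'), so the host entered on the workstation must be
    the appliance FQDN or IP address instead.
    """
    port = int(settings["EMB_DB_PORT"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {
        "host": appliance_fqdn,
        "port": port,
        "maintenance_db": settings["EMB_DB_INSTANCE"],
        "username": settings["EMB_DB_USER"],
        # The password is deliberately not returned; type it into pgAdmin by hand.
    }


if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for key, value in redact(cfg).items():
        print(f"{key}={value}")
    print(pgadmin_fields(cfg, "vcsa.example.test"))
```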


    That’s it. VCSA database management becomes easy now. I hope this is informative for you. Thanks for reading! Be social and share it on social media if you feel it is worth sharing.
