VTwinDude's Blog


Thoughts and updates from VTwinDude


I've been working with VMware a long time and it works really well when you want to separate environments (IE VMs, clusters), have a single management tool set and save money via server consolidation.

We are now turning a new leaf as we move away from datacenter centric environments to application centric environments. I think that Kubernetes potentially will become the gateway to infrastructure. Being able to take an action directly against the ESXi kernel that runs Kubernetes removes a lot of complexity. However, I do believe that VMs and containers will be here for a long time, apps aren’t that easy to refactor.

There are many ways of doing Kubernetes. I do think VMware got it right by making Kubernetes part of the vSphere platform natively (ESXi kernel). This makes Kubernetes containers a 'first class citizen' on infrastructure instead of Infra-VM-OS-Container-app. This new way allows applications to scale as the application requires. That means that we will be able to manage 'both 1st class citizens (VMs and containers)' with one tool (VC) on one platform (vSphere) that enables operations and developers to do their job more efficiently! VMware DRS will still do the resource placement for workloads; the scheduler is very good at what it does.

This means that automation will be built-in to the platform to simply scale based on the application's needs via policies and configurations. Today we simply automate what humans are doing as repetitive tasks, scripting things to be more efficient. But what we don't do is script application needs. As an example, imagine an application that needs more resources. You can now 'spin up another VM/container' or script logic to spin up another VM on another host. This builds resiliency into the application layer while keeping configuration consistent. Now we will be able to simply configure a policy to always have 3 containers up and running in a pod which can be built across hosts (IE ESXi cluster) and scale up as the application requires. The new way of automation where we won't need other agents, or to react, but the system will simply do it based on the configuration/policy is the future.

Kubernetes has a logical construct called a namespace which can be a collection of many things including VMs, pods, and services along with other objects. A namespace allows for policies to be applied to it just like if it was a VM or storage or network, awesome right! Think about a Kubernetes cluster running beside a VM cluster in the same Virtual Center that allows developers to run API commands directly to Kubernetes – there’s no need to learn a new tool.

Also, I would like to note that Kubernetes will run across all of the cloud providers as VMware is on top of them today. This should allow for multi-cloud models that are app centric! What if we were able to run an application with a node on-prem and 2 nodes in different clouds?

There are a lot of things that will mature over the next year. It will be great to learn and grow as a powerful platform continues to enable organizations to build modernized applications and support them.


 


A few days ago I read a post by Mike Webster and was introduced to a product that piqued my interest (http://longwhiteclouds.com/2017/04/08/runecast-your-way-to-a-more-trouble-free-virtualization-environment/).

I have to spend time reviewing logs, dashboards, vCheck reports and other tools to keep virtual environments in a stable and healthy state. I have always wished there was a method to look at issues and match them up with VMware KB articles/data. I always want to be proactive and know of any potential issues or improvements to the configurations that I could do (before a customer would be impacted). I was like wow this is really cool to be ahead of issues as well as understand the issue/s.

 

I got time to install this and I have to say -- I am very wow'ed!!!!

What is Runecast?

Proactive tool that continuously checks your environment, vCenter, ESXi servers and VMs to ensure they are running at peak performance with no known configuration issues or security issues. IE: proactively use VMware KBs, best practices and security hardening guidelines to protect your environment.

The really cool thing is you can stay up to date on industry issues that could impact your environment. Runecast is a virtual appliance (OVA) and can be updated from the internet or it can be updated via an ISO image (offline update). It is updated with information that has been mined from the VMware KBs and is used to proactively check logs and configuration for issues in the virtual environment. It also has security configuration checks.

Installation

Installation was extremely simple, Runecast provides a virtual appliance (OVA) file that can be downloaded from the web and deployed via virtual center.

After configuring the VC permissions I clicked the “Analyze Now” button and the scan began. You can also schedule scans. I was also able to export findings. All good stuff.

Within a few minutes data started flowing into the dashboards and it found some known issues in the environment… my environment is rather large – many VCs, 100s+ hosts and over 1000s VMs, I also have a mix of versions – vSphere 6.x-5.x

I immediately started to check into the Best Practices area (dashboard) – seemed like the good place to start. As I soon found out I do have some critical known issues and configuration issues within the environment – good work Runecast

Then I moved to the Issues List which is nice as it color codes issues in different categories (critical, major, Medium and low). I am not 100% sure how these are calculated but they do align with how I generally look at issues within an environment. I also notice some really cool info around PSODs and how it relates to hardware drivers and firmware updates.

I expanded to find some full details and the KB article:

My environment will take some time to fix however with this view of issues/updates and the information in the KB, we could make the virtual environment a lot better in a proactive way. In a production environment this could save a lot of time so that issues are found faster and reported. We could actually enable an operation team to see the dashboards or via emails.

Security hardening is shown for my entire environment – for future discussion

Detailed log analysis is viewable – I didn’t get to this feature other than doing some searches so I’ll work on this more in the future.

Conclusion

Awesome Tool! I ran the app in my environment to try it out; it found reconfiguration issues, missed settings and missing patches. In an enterprise environment human error and reconfiguration account for a large number of issues.

I would strongly recommend running an analysis to check your virtual environment to see if things are running at peak performance and how it can improve your proactive state for better stability.

 

Check it out: https://www.runecast.biz/

 

Runecast - a few items I would like to see updated or how-to docs:

I would like to understand the categories better

How to export the report with the findings

What is the plan to add other products into Runecast (IE other hypervisors/hardware vendors, etc...) 


OK… script away ---

A friend of mine (Jeremy) helped write this with me learning some time back, however I cleaned it up some. It is and was a great tool in another role I used to be in. I removed list items 4-9 as we used it to set up specific performance settings for a technology/vendor product, but you do not need it for this script to help you with setting up the VI side of things. I do know that some of the PowerCLI commands are older but we had older ESX/ESXi versions we needed to cover. Also we haven’t had time to redo it with newer commands.

We wrote this originally to help implement VI settings as well as overwrite/correct settings. So please test it. You are using this at your own risk.

There is a step in here at the beginning to kill all VC connections… I used it for testing…
Here are a few of the settings we targeted at each layer – single host or vCluster or vDC

Enable Firewall Port Settings
Disconnect Media Devices from VMs
Modify Syslog Settings
Create Persistent Scratch Location
Modify Domain Name and DNS
Modify NTP settings
Modify Storage Settings (add, scan, rename, mount NFS share)
Enter/Exit Host from Maintenance Mode
Connect, Disconnect ESXi Host from vCenter
Change Root Password
View ESXi Logs
Enable\Disable SSH
Modify Networking Global Settings
Modify Networking for vSwitch 0, 1, 2

I would like to ask if you modify or update the Script then please share it back with us.
Please provide feedback/comments so we can make it better and report any issues you find.

I am not a GURU at scripting.. I just like to get creative sometimes and scripting helps with applying that creativity quickly.

Download - PowerVIConfigurator_v2.txt

 

Thanks
@vTwindude

 


So I was asked how to audit the VMware licenses in use vs. the portal, meaning what we have vs. what the VMware portal says we have vs. what we are using. Licensing is a big cost for most. I was thinking for sure there is a tool to do a compare, hmmm, not that I can find. Sure, you can look in your VMware portal to see what you have paid for. However, if you are in the middle of a migration/upgrade it could become a mess to see what you have and how much you have paid for. So the fun begins…
This is a very large organization with many different levels of license as well as versions. At that point I was asking if there’s a tool to compare what is allotted vs. used vs. portal. As you know, licenses can be a mess to maintain, but surely there’s a tool to do an audit. Well, not so fast. I did search the web, however I did not see what I was looking for, and I was thinking, surely someone has done this. So I turned to my social media friends for help. I put out a tweet to ask about a script to pull this information. Sure enough, some folks started to point me to scripting, and someone had one…. Thanks Jonathan Meed.
Requirement is to gather the following:

·         Hostname
·         License key assigned to the host
·         Name of the VC managing the host
·         License type
·         Flexibility to collect the information for multiple Virtual Centers

So I got a script from Jonathan and massaged it some however I couldn’t get it to do what we needed. This was on me as I was trying to understand each piece of the script. Great Job Jonathan!
So I did a little reading:
API - https://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/vim.LicenseManager.html
Understanding ‘Functions’ - http://www.thomas-franke.net/including-scripts-functions-modules/ 

At this point I decided to just create a script. I asked a friend, Matt Derk, for some help; he knows scripting pretty well. In any case here is what we came up with and it works... yay
Disclaimer – We tested against VC 5.5

First set the script to collect data from multiple virtual centers:
I saw an error at first so we worked through this to stop the prompting for invalid cert.

# Set to multiple VC Mode
if(((Get-PowerCLIConfiguration).DefaultVIServerMode) -ne "Multiple") {
    Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -InvalidCertificateAction Ignore -Confirm:$false | Out-Null
}

Then we wanted to allow for inputting multiple hosts:
#Define VC hosts – IPs or FQDN
$VChosts = @(
"VC1.ron.com",
"VC2.ron.com",
"VC3.ron.com"
);
Write-Host "Connecting to VC Server(s)"

Then connect to the hosts: We didn’t really want to prompt so the script will use the session you are logged in with. If you want to use different creds, right click and choose ‘Run As’.

Connect-VIServer -Server $VChosts
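
The Set-PowerCLIConfiguration step above turns certificate checking off for the vCenter connections. As an added example (not part of the original script), this variant keeps the setting to the current session, rejects untrusted certificates and records which servers could not be reached; Connect-AuditVCenter is a hypothetical helper name and the server names are placeholders in the style of this post.

```powershell
# Added example, not from the original script. Requires VMware PowerCLI.
# Connect-AuditVCenter is a hypothetical helper name.
function Connect-AuditVCenter {
    param([Parameter(Mandatory)][string[]]$Server)

    # Session scope: the setting is not saved for later sessions.
    # Fail: a certificate that does not validate aborts the connection.
    Set-PowerCLIConfiguration -Scope Session -DefaultVIServerMode Multiple `
        -InvalidCertificateAction Fail -Confirm:$false | Out-Null

    # Connect one server at a time so a single failure does not hide the rest;
    # Sort-Object -Unique drops names that were listed twice.
    foreach ($name in ($Server | Sort-Object -Unique)) {
        try {
            $conn = Connect-VIServer -Server $name -ErrorAction Stop
            [pscustomobject]@{ Server = $name; Connected = $true; Version = $conn.Version; Error = $null }
        }
        catch {
            [pscustomobject]@{ Server = $name; Connected = $false; Version = $null; Error = $_.Exception.Message }
        }
    }
}

$VChosts = @("VC1.ron.com", "VC2.ron.com", "VC3.ron.com")   # placeholder names
$status  = Connect-AuditVCenter -Server $VChosts
$status | Format-Table Server, Connected, Version, Error -AutoSize

# Servers that failed are missing from the audit, so call them out explicitly.
$failed = @($status | Where-Object { -not $_.Connected })
if ($failed.Count -gt 0) {
    Write-Warning ("Not audited: " + ($failed.Server -join ", "))
}
```

A server that fails here because of its certificate usually needs its CA certificate added to the workstation's trusted roots rather than validation turned off.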

Then we need to define some variables for the data we want to grab
#Define variables for license and host functions
#API - https://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/vim.LicenseManager.html

$servInst = Get-View ServiceInstance
$licMgr = Get-View $servInst.Content.licenseManager
$licAssignMgr = Get-View $licMgr.licenseAssignmentManager

Now let’s throw in a function to do this work:

# Return the host's managed object ID (for example host-123); the license
# assignment manager uses it as the entity ID.
function Get-VMHostId($Name)
{
    $vmhost = Get-VMHost $Name | Get-View
    return $vmhost.Config.Host.Value
}
# Look up the license assigned to one host and return it as a flat record.
function Get-License($VMHostId)
{
    $details = @()
    $detail = "" | Select-Object LicenseKey,LicenseType,Host,VC,Total,Used,ExpirationDate
    $license = $licAssignMgr.QueryAssignedLicenses($VMHostId)
    $license = $license.GetValue(0)    # first assignment returned for this host
    $detail.VC = ([Uri]$licAssignMgr.Client.ServiceUrl).Host
    $detail.Host = $license.EntityDisplayName
    $detail.LicenseKey = $license.AssignedLicense.LicenseKey
    $detail.LicenseType = $license.AssignedLicense.Name
    $detail.Total = $license.AssignedLicense.Total
    $detail.Used = $license.AssignedLicense.Used
    # ExpirationDate is not filled in here
    $details += $detail
    return $details
}

Now run this against all hosts and puke out the data to a file. The script is set up to create the path/folders if not there.

# Run Query Against All Hosts
$vmhosts = Get-VMHost
$details = @()
foreach ($vmhost in $vmhosts) {
    $vmhostname = Get-VMHostId $vmhost.name
    $detail = Get-License $vmhostname
    $details += $detail
}
$details
if(!(Test-Path -Path C:\Temp )){New-Item -ItemType directory -Path C:\Temp}
Write-Host "output being saved to C:\Temp\Host-Licenseinfo.csv"
$details | Export-Csv -NoTypeInformation C:\Temp\Host-Licenseinfo.csv
 
I can assure you I’m no pro at this but hey it works…. :) However it seems that the “expire date” is in a different area and couldn’t get it to work within one script so we created a second one to grab that. I know it’s not ideal but a manual combine is better than none.
Sample output; now you can sort and do all kinds of things with the data.
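
To compare what the vCenters report with what the portal shows, the exported CSV can be reconciled per license key. This is an added example, not part of the original scripts: the portal export layout (LicenseKey, Product, Purchased), the function name Compare-LicenseUsage and all sample rows are constructed, and it assumes each vCenter reports its own Used count for a key.

```powershell
# Added example, not from the original post. Plain PowerShell, no PowerCLI needed.
# Constructed rows in the column layout of Host-Licenseinfo.csv.
$inventory = @'
LicenseKey,LicenseType,Host,VC,Total,Used,ExpirationDate
AAAAA-AAAAA-AAAAA-AAAAA-AAAA1,vSphere 5 Enterprise Plus,esx01.ron.com,VC1.ron.com,4,4,
AAAAA-AAAAA-AAAAA-AAAAA-AAAA1,vSphere 5 Enterprise Plus,esx02.ron.com,VC1.ron.com,4,4,
AAAAA-AAAAA-AAAAA-AAAAA-AAAA1,vSphere 5 Enterprise Plus,esx11.ron.com,VC2.ron.com,4,2,
BBBBB-BBBBB-BBBBB-BBBBB-BBBB2,vSphere 5 Standard,esx21.ron.com,VC3.ron.com,8,2,
CCCCC-CCCCC-CCCCC-CCCCC-CCCC3,vSphere 5 Standard,esx22.ron.com,VC3.ron.com,2,2,
00000-00000-00000-00000-00000,Evaluation Mode,esx23.ron.com,VC3.ron.com,0,0,
'@ | ConvertFrom-Csv

# Constructed portal export; this column layout is an assumption.
$portal = @'
LicenseKey,Product,Purchased
AAAAA-AAAAA-AAAAA-AAAAA-AAAA1,vSphere 5 Enterprise Plus,4
BBBBB-BBBBB-BBBBB-BBBBB-BBBB2,vSphere 5 Standard,8
DDDDD-DDDDD-DDDDD-DDDDD-DDDD4,vSphere 5 Enterprise,16
'@ | ConvertFrom-Csv

function Compare-LicenseUsage {
    param(
        [object[]]$Inventory,
        [object[]]$Portal,
        [string]$EvalKey = '00000-00000-00000-00000-00000'   # hosts in evaluation mode
    )
    # Total and Used repeat on every host row: keep one row per vCenter and key.
    $perVc = $Inventory | Group-Object VC, LicenseKey | ForEach-Object { $_.Group[0] }

    $inUse = @{}
    foreach ($row in $perVc) {
        $inUse[$row.LicenseKey] = [int]$inUse[$row.LicenseKey] + [int]$row.Used
    }
    $purchased = @{}
    foreach ($row in $Portal) { $purchased[$row.LicenseKey] = [int]$row.Purchased }

    $keys = @($inUse.Keys) + @($purchased.Keys) | Sort-Object -Unique
    foreach ($key in $keys) {
        $status = if ($key -eq $EvalKey) { 'Evaluation mode' }
            elseif (-not $purchased.ContainsKey($key)) { 'Not in portal' }
            elseif ([int]$inUse[$key] -gt $purchased[$key]) { 'Over-allocated' }
            elseif (-not $inUse.ContainsKey($key)) { 'Unused' }
            else { 'OK' }
        [pscustomobject]@{
            LicenseKey = $key
            Hosts      = @($Inventory | Where-Object { $_.LicenseKey -eq $key }).Count
            vCenters   = @($perVc | Where-Object { $_.LicenseKey -eq $key }).Count
            InUse      = [int]$inUse[$key]
            Purchased  = [int]$purchased[$key]
            Status     = $status
        }
    }
}

Compare-LicenseUsage -Inventory $inventory -Portal $portal | Format-Table -AutoSize
```

For real data, replace the two here-strings with Import-Csv on C:\Temp\Host-Licenseinfo.csv and on your own portal export.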




 

 

 

 

 

I am sure others can make these better. Thanks for reading and happy auditing your license.

Thanks Matt & Jonathan for your time and consideration.  

 

Download script:  Licenseinfo-01.txt


Vblock™ – 3 of the World Technology Leaders Come together (something rarely seen)

To start out I am NOT an employee of VCE/EMC/Cisco. This is based off of my own opinions and experiences. Now let’s get started :)

The future of technology seems to be about effectively using datacenter resources and underutilized hardware. I believe that you need to converge infrastructure components to effectively use a datacenter. To me, a Vblock™ is basically a Technology Appliance that allows organizations to raise the bar for infrastructure utilization. In order to maximize your spending (OPEX - operating expense) as well as your infrastructure utilization, you will have to have convergence and Vblock™ does this effectively. I also believe that Vblock™ will allow you to build and get to a cloud model in a much faster well-organized way.

 

What I believe and have seen with the Vblock™ is that it allows an organization to move more effectively toward a Private Cloud model as well as maintain a high-level of performance to their customers. The Vblock™ alone will NOT get you to a “cloud model” but it’s a major step in the right direction. Vblock™ allows you to have a converged infrastructure that allows you to pool storage, computing and networking to optimize datacenter infrastructure (lower TCO - total cost of ownership). Seemingly, you get better performance in a black box at a lower cost. Vblock™ has full scalability. It is flexible from storage to networking components to Cisco UCS blades & chassis (opinion - which in this day and age is one of the leaders in the industry for server hardware) and supports many different configurations. In my opinion Vblock™ technology allows you to virtualize and consolidate your systems while continuing to provide a high-level of performance that has been tested prior to running in your datacenter environment (validation of an outcome).

 

Vblock™ (Standard components and devices based on my experiences):

·         Cisco UCS blade chassis 5108s.

·         Cisco B230s and B200s UCS Blade Models

·         VMax and VNX 7500 Storage Models (EMC storage devices).

·         Cisco networking switches (6140s & 55xx) and FCOE inside UCS blade for connectivity (Standard Vblock™)

·         EMC RecoverPoint™ SAN replication (Block Base) with native splitters on the storage devices.

 

Vblock™ allows an organization to standardize on what I call a ‘complete infrastructure framework/platform’ with many different components (Compute/Network/Storage). This can simplify an organization’s support as well as help companies move away from a fragmented infrastructure. This convergence (pooling) allows you to share resources to infrastructure components at the same time. Vblock™ allows for higher density level in a datacenter which can reduce your physical footprint. I have seen where Vblock™ technology allows cost savings by reduction in hardware maintenance cost (smaller carbon footprint) as well as consolidation on the virtual side. UCS manager allows companies to profile their systems for specific settings based on what application may run and where it will run (server profiles) for fast deployments and provisioning. This builds in versatility when you have hardware failures. Finally, Vblock™ model has allowed for ease of management from my experiences.

 

In addition, Vblock™ does enable disaster recovery plans/exercises and effective off-site recoverability to be more structured (i.e. simpler to perform) from my experience. That’s not only the Vblock™ but a major component of disaster recovery and business continuity. I have also experienced EMC RecoverPoint™ deployed with Vblock™ technology to perform stateful SAN replication on the backend with EMC storage to do block replication. This type of replication allows for a smaller RPO (recovery point objective). I have also experienced EMC Data Domain® and Avamar® Grids deployed for effective virtual machine and database backup and restore capability. The replication from Vblock™ to Vblock™ allows us to focus on true “application” DRs vs. infrastructure DR opportunities.

My Opinion:

The Vblock™ is designed to make IT life simpler (infrastructure framework) and more cost effective (an appliance) for an organization.

 

The views and opinions expressed above are the author's opinions and do not necessarily reflect his employer’s policies or positions and the author does not intend to so represent his employer.


I agree with 1, 3, 6.

We as IT ppl must change our thought process of how the "end user/customer" is using technology. We must keep them in the front of our minds as we build things as well as plan.

 

http://mobile.informationweek.com/80269/show/70523f10a47cc15b38dadc60f7fdfe93/


I love doing IT DR work. It's a great example of how things get overlooked and why companies need to plan better for the unknown!

IT Disaster Recoveries are not that hard but it's like insurance - you get it when you need it, you have to pay for it and plan before anything happens.


A complete guide for all your essential vSphere 5.1 docs

http://vsphere-land.com/news/vsphere-51-link-o-rama.html

Great Reading!