Tag Archives: VCSA

How To… Patch VCSA

With VMware vCenter Server Appliance 6.5 patching has become very straightforward and both the vCenter software and the underlying Photon OS can be updated using a simple GUI. This short run through covers patching a single VCSA where the VCSA High Availability has not been configured.

Login to the vCenter Server Appliance admin console at https://my-vcenter-name:5480/

2017-10-03 (1)

Click on Images to Enlarge

Select “Update” from the Navigator menu on the left hand side, and then choose “Check Repository” from the “Check Updates” drop down in the main panel. This will check the VMware website for any new patches.

2017-10-03 (3)
Continue reading


Advert:

Rolling back a failed VCSA HA deployment

The deployment of High Availability in the vCenter Server Appliance 6.5 is very slick and there’s a great step-by-step walkthrough of how to implement it. However, sometimes things go wrong – in my case a misconfiguration in the underlying network meant that the hosts I was trying to deploy to couldn’t reach each other on the new HA network.

The good news is the smooth Installation process is accompanied by a smooth uninstaller when things have gone wrong. It’s nice to see that this part of the application lifecycle process hasn’t been ignored by the development team at VMware. With the right planning and a bit of luck, you’ll never have to see this yourself- but here’s some example screenshots.

The install has failed, the wizard was unable to configure HA, and we are left with a situation looking like this:

image

The vSphere Web Client is telling me “vCenter HA has an invalid configuration. Click the remove button to destroy the current vCenter HA cluster configuration”. And it is really as simple as that, clicking Remove starts the process- this doesn’t destroy your vCenter environment- just the failed HA attempt – and vCenter reverts back to the model it was using beforehand. We get a nice clear explanation of what is going to be done, details of what manual steps may be necessary, and an option to change our mind.

image

The task proceeds like any other vCenter operation, showing as Completed in the Recent Tasks bar- in my homelab this removal task took just 11 seconds.

image

Once done it was just a case of powering down and removing the defunct Passive and Witness VMs, fixing the pre-existing fault that had caused the error in the first place, and then running the install again.It should end up looking something like this:image

It’s always good to see that development effort has been put into helping the user when something unexpected has occurred and this is a good example of that.

Auto Power On and VCSA Upgrades

VCSA Upgrade

VCSA Upgrade via the Appliance Installer


The vCenter Server Appliance (VCSA) upgrade from 6.0 to 6.5 is a slick, well managed, process. The installer deploys a new appliance, transfers all the settings from the old one (including IP address and identity) and then powers the old appliance VM off. This provides a neat roll-back option if something has gone wrong- you just power down the new appliance and turn the old one back on.

In upgrading my homelab I came across a small gotcha in this however. If you have your old VCSA VM set to auto power on when the host is then the next time you reboot that host (for example when you’ve done a Hypervisor upgrade) the old VCSA will turn on. You could now, like me, be in the situation where two VCSAs are running at the same time and sharing an IP. In a larger environment this is unlikely to happen- the host-based VM Startup/Shutdown feature is largely replaced by HA and DRS rules – but in a smaller setup this is a common practise to ensure that the vCenter comes up when the lab is switched on.

VM Startup and Shutdown

Automatic VM Startup and Shutdown with 2 vCenters


The solution is to switch the Startup behaviour to manual for the old VCSA, and just to make sure disable the virtual NIC on that old VM. Of course once you are happy with the upgrade the old Virtual Machine can be archived/deleted altogether.

Support Bundle taking up log file space on VCSA

Symptoms
The log file disk was nearly full on a vCenter Server Appliance instance, showing a warning message in the vCenter console and the VAMI (Login to https://vCenterHostName:5480). After a bit of investigation (and I’d recommend looking at this article by Brandon Lee and Knowledge Base 2143565 ) I found an old Support Bundle was taking up 2GB of the log disk unnecessarily and tripping the alert threshold.

Solution
SSH into the VCSA using the username root (see KB2143565) and navigate to the folder

/storage/log/vmware/vsphere-client/logbrowser/public/

And look for files named “*_vmsupport.tgz“, check the timestamp on these files and remove any old ones that are no longer required.
Hopefully the warning should clear and the health status should return to green in the vSphere Appliance Management Interface
Healthy VCSA

The All New vSphere 6.5

vmworldHighlights

  1. A new version of VMware vSphere, 6.5, will be released shortly
  2. Migration/Upgrade tools from previous versions (including Windows vCenter) to new VCSA.
  3. VCSA Native High Availability
  4. VCSA Integrated VMware Update Manager
  5. Native vCenter Backup and Restore
  6. Improved Appliance Management
  7. vSphere Clients
  8. Encryption

New vSphere coming soon

VMware has bucked the trend in versioning adopted by other major software companies and decided not to call it’s new vSphere version “10” and opted for the more traditional “vSphere 6.5” to succeed version 6.0 which was originally released back in March 2015. Announced at VMworld Europe 2016 with GA to follow, vSphere 6.5 is a continuation of the product which forms the core of the Software Defined Datacentre chunk of VMware’s “Any Cloud” Cross-Cloud Architecture portfolio. A lot of work has been put into making the experience of installing and operating a vSphere virtualised environment easier; Ignoring any improvements under the hood, and just looking at what’s on the surface there’s a whole bunch of features designed to make life run smoother for the IT Professional, some of which are highlighted in this post.

The new vCenter Server Appliance is a core part to this simplicity, and VMware have answered the requirements of anyone currently sticking to the Windows-based vCenter. If you can get more features and more reliability for less cost and less effort then it’s definitely the way forwards in my opinion. Some of the features discussed here- notably Native HA and Backup/Restore- will only be available in the appliance version of vCenter.

VCSA Upgrade and Migration

 

image Again out to both simplify the life of IT Professionals and encourage vCenter Appliance adoption, VMware has put a lot of effort into creating straightforward, and comprehensive, upgrade and migration tools. As more and more operations and data are handled by vCenter it becomes more and more important that the system can be smoothly navigated from version to version with minimal human effort.

Migrations are possible from Windows vCenters running version 5.5 or 6.0, and both the embedded and external database topologies are supported. Additionally, the new vCenter will assume the identity of the old Windows vCenter so any external interfaces, scripts, and automation should continue to work post-migration.

VCSA Native High Availability

VCSA 6.5 offers a built-in high availability deployment taking away the need for any 3rd party clustering or database solutions. The appliance deploys as an active/passive pair (plus witness) which automatically sets up replication of the integrated database and required vCenter files. The basic setup option also places these nodes intelligently using DRS and SDRS technology and automatically creates the necessary affinity rules and private IP comms, keeping everything simple. For infrastructures with unique and challenging topologies, there’s still an advanced workflow that can be used.

image

Integrated VMware Update Manager

Prior to 6.5 using VUM to manage the patching of a vSphere infrastructure based on the vCenter Appliance has been, how can we put it?, “annoying”. After deploying the slick appliance it was then necessary to spin up (and license) a separate Windows VM just to handle the update system. This requirement has been removed in the new version- VUM is now integrated into the VCSA, enabled by default, and shares the same database instance. The new VUM integration also leverages the VCSA High Availability and Backup functionality.

Native vCenter Backup and Restore

Also new to the vCenter Server Appliance is integrated backup and restore functionality. A great step forward in the simplification of deploying a system this provides a built in solution to backup vCenter to an external location (SCP, SFTP, HTTPS locations for example) and then be able to recover by deploying a clean OVA and choosing the Restore option. image

 

Improved Appliance Management and Monitoring

The vCenter Server Appliance Management Interface- VAMI – has also had a makeover, with many features being added. The 6.0 version had an interface limited to changing IP and NTP settings, rebooting the appliance, and little else. 6.5 adds in built in monitoring of Network, CPU, Memory and the vPostgres database. There is also the option to configure Syslog for deeper external monitoring of the vCenter infrastructure- this allows fully verbose logs to be kept for auditing and troubleshooting processes.

image

vCenter Server Appliance 6.0 Management Interface

image

vCenter Server Appliance 6.5 Management Interface

vSphere Client(s)

Work continues to focus on delivering a fully functioned HTML5 client, but in the interim vCenter 6.5 will come shipped with a new (limited) HTML5 based “vSphere Client”- evolved from the current fling – as well as an improved flash based “vSphere Web Client”. Expect the “vSphere Client” to see continuous improvement and feature addition through the lifetime of the platform –driven through the Fling programme.

Encryption

As with the other topics here encryption in the new vSphere could easily be a post in itself (or a whole series), but to summarise the new features in this area, vSphere is now offering built-in VM encryption. The encryption happens between the VM and the storage so is invisible to the guest.

Local keys are generated within vSphere, and encrypted using keys held in an external (third-party) KMS- this would usually be managed by the IT Security team. Back in vCenter encryption is implemented through Storage Policies, so a VM can be encrypted simply by assigning the correct policy to it. Through the GUI (or API/PowerCLI) it’s possible to set  encryption covering  the Disks, the VMX/Swap files, or the whole lot on a per-VM basis. Through the API/PowerCLI it’s also possible to arrange encryption on a per-VHD level, potentially encrypting different disks on a VM with different keys.

VSAN encryption is on the way- there’s currently an ongoing beta – but will not be available in the 6.5 release. Based on the recent cadence I’d expect to see something in Spring 2017, but that’s just my speculation.

Summary

In summary, there’s lots to look for in the new vSphere release and in particular the vCenter Server Applicance. This week’s VMworld should reveal a lot more in depth into these advances.