vthistle.com

You are here: Home / Archives for vExpert

#vExpert2019

By

Good Afternoon friends, it’s been a while since I have posted anything to this fine blog. I promise, I will post more in 2019 as I expect to dive into new products and technologies.

Now, back to why you are reading this post. I’m proud to announce that I made the cut to participate in the VMware vExpert program for 2019. #Strumbelievable! This will be the 4th year that I have been selected to be a part of this program.

The VMware vCommunity is an amazing group of passionate IT folks who are always willing to lend a helping hand and share knowledge.

It’s also great to see that my friend and co-worker @Mike Dent also made the cut!

Congrats to all of the other vExperts out there, I’m looking forward to another great year!

Horizon View 7.5 Instant Clone Issues

By

I was working with someone recently who upgraded their Horizon View environment to 7.5.1 recently who also updated their vCenter to 6.7 – mistake #1.(to get off of the old vCenter Web Client). The customer wasn’t in a position to upgrade their ESXi hosts to 6.7 due to some vendor compatibility issues that needed to be resolved via firmware issues. (mistake #2)

When pushing a new version of a Horizon Instant Clone, they were receiving the error: “Error during provisioning: Cloning of VM Win10-Prod has failed: Fault type is SERVER_FAULT_FATAL – Runtime error: No full links for internal VMs found”

Did I mention that VMware signed off on the version information via an SR?

What did we do to fix the issue? The customer had a small enough VDI environment that it was easy enough to delete the VDI Pools and vCenter and start over (100 clients, 2 Pools).

What would fix the issue: Upgrade your hosts to vSphere 6.7

Moral of the story: Ensure your customers understand the software lifecycle and walk them through the process of ensuring all applications that are dependent on each other are FULLY ready for an upgrade.

Don’t pull a homer.

VMware Horizon View & LetsEncrypt

By

As most tech people, I like to build, destroy, rebuild and repeat. It’s what we do, its how we learn to do things. One of my latest deep-dives has been into Horizon View 7.X. A few years ago, I went down this path as well, and I bought a cert so that I could go through the setup.

Enter LetsEncrypt – Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. They provide certificates with a lifetime of 90 days and renewing a certificate is done within a couple of minutes, which is perfect for testing and home labs.

I started researching how I could use the LetsEncrypt certs with Horizon View and I couldn’t find much. Before we dive into how we make this happen, I first want to start out by saying using LetsEncrypt with Windows isn’t the simplest thing to do, So I used a CentOS Linux box – Super Small footprint for a cert generator. I’m not a Linux expert, so using and getting to know CentOS was also a learning experience.

So, in this article, I will go through the steps to get the cert, as well as applying them to Horizon View.

Installing LetsEncrypt

As mentioned above, I am using a CentOS machine to obtain the certs.

  • Log into the CentOS machine as root
  • First, we have to install and enable the EPEL repository
    • sudo yum install epel-release
  • Now, we can install certbot – certbot is just an application that goes out and gets the certs
    • sudo yum install certbot

Now that we have Certbot configured, we can now move on to Request the Certificate

Request a Certificate

*Note: change the items in red to match your needs

  1. Run the following command on your Linux box.
    • certbot certonly –manual –email xxxx@gmail.com -d server.vthistle.net –rsa-key-size 2048
  2. Agree to the ToS
  3. Decide if you want to share your email with LetsEncrypt
  4. Answer the question about “Are you ok with your IP being logged” as the IP requesting the cert
  5. Create a page on a web sever with the challenge key to prove you are in ownership of the site

  6. When the request has been validated, you will see a “CONGRATULATIONS
  7. Browse to /etc/letsencrypt/live/site.domain.com/
    1. You will find the following files:
      • cert.pem —-> Server Certificate
      • chain.pem —> Root and Intermediate Certs
      • fullchaim.pem –> Server, intermediate and root chain
      • privkey.pem —> Private key for Server Certificate

Convert PEM to PFX with Private Key

  1. Copy the files listed above from your Linux box to a windows box and use OpenSSL
  2. Run: openssl.exe pkc12 -export -out view.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
  3. You will then copy your “view.pfx” file that you can use on your Horizon View Server

Adding the new Cert to the Connection/Security Servers

  1. The process to replace the certs on the Connection Server and Security Servers are the same: open MMC.exe -> File -> Add/Remove Snap-in… -> Select Certificates -> Add:
  2. Change the “friendly name” of the default certificate to something other than vdm
  3. Go through the import wizard and ensure you check the box to “Mark this key as exportable
  4. Change the “Friendly Name” to vdm and restart the “VMware View Connection Server” service

Complete – Your View Connection Server is now using you 90 day LetsEncrypt certificate. 

VMware – vSphere Host Client

By

I recently rebuilt my home lab host to ESXi 6.5 and decided to try to exclusively utilize the vSphere Host Client that it was shipped with. I have to admit, I am very impressed with the ease of use and functionality of the client. I was able to configure everything I needed to without opening the C# client once!

What really impressed me was something I stumbled upon, and hadn’t read about prior. LOGS!!!  

To get to this, click on “Monitor”, then “logs”.

How many times have you had to log into a host, start the SSH service and then SSH into a host to view the vmkernel.log file while troubleshooting an issue with a host. (Unless you have VMware LogInsight).

Now you have the ability to view these logs directly from the HTML5 client. Let’s look at an example.

I am going to add an NFS datastore to my host. Click Refresh, and there it is.

Pretty slick new feature!

Nutanix – AFS Deployment and Replication to DR

By

Nutanix Acropolis File Services (AFS) has been available to organizations utilizing the Acropolis hypervisor for a while now. With the release of AOS 5.0, it is now available for organizations who utilize VMware ESXi. This is great for organizations that currently utilize Windows file servers or standalone NAS devices. This solution provides a single interface for virtual machines, as well as file services.

Before deploying AFS, I would recommend that you are on the latest version of AOS and AFS.

Prerequisites:

  • Ensure vSphere DRS is enabled
  • Ensure you have downloaded the BITS from Nutanix portal
  • Ensure you have configured your “External Data Services IP”
  • Have two Networks setup –
    • Client Access Network – Users will connect to this IP to access the File Server
    • Storage Network – I prefer to put this on the same network as your CVM’s.

Deploying the File Server

  1. Go to Menu and Select “File Server”
  2. Click “+File Server”
  3. You will be presented a list of prerequisites, ensure all items are “Checked” prior to the next step
  4. Click on “Download or Upload AFS Software
    1. Upload the Metadata file as well as the AFS Bits
    2. Click “Upload Now”
  5. On the “Basics” screen, you will enter name, file server size and FileServer VM specs. This should be sized to Nutanix Best Practices – Found Here.
  6. On the “Client Network” screen, you will enter IP Addresses that your end user / services will connect to
  7. On the “Storage Network” screen. This network will be used for backed communication between the CVMs and the FSVMs
  8. On the “Join AD” screen – enter the information needed to join your local AD environment
  9. On the “Summary” screen – it will show information you entered on previous screens – click Create – this will create AFS on this cluster. 

Once the File Server has been created, you can then go on to create shares and begin copying data/using your file server

Replication to DR

In this scenario, we will be replicating to another Nutanix Cluster at our DR environment. I will also assume you have setup and configured the “Remote Site”

  1. Go to “Data Protection” on the menu
  2. Click on the file protection group that was created when you created your file server. It will be named “NTNX-<FileServerName>
  3. Click Update
  4. Click to create a new schedule –
  5. Configure your local schedule – Select your Remote Site and select how many snapshots you would like to keep at the DR Site. 
  6. Click Create Schedule | Click Close

Go to the “Remote Site” tab and click “Update”. You will need to configure you vStore mapping – Select your local container, in this example, I have chosen “Nutanix_files_ctr” to be mapped to the “Prod-Site–Files” container. Click Save

On the next snapshot schedule, your file server will be replicated to the DR Site.

In this walkthrough we have accomplished the following items. 

  • Deployed a Nutanix AFS File Server
  • Configured Nutanix AFS Replication to your DR Site