What tools should a VMware team have to monitor their environment

I have worked with a bunch of customers over the last couple of years and there has been a very common theme. The overwhelming majority of IT shops have not invested in any tools to help them manage and monitor their VMware environments. Sure they have vCenter and you can get some great info out of it, but unless something is going really wrong or has already you might not have a clue. You are essentially driving blind.

This guy does not monitor his vCenter server

This guy does not monitor his vCenter server

VMware event monitoring

To me the first thing that I think shops should invest in if they don’t already have a tool capable of doing this is, get something that can properly monitor your VMware environment. To be clear of what I mean by this is a tool that will scrape logs and watch for events in your environment and notify you about issues. How it notifies you can vary, whether you want a ticket created or simply an email.

Without something actively monitoring your hosts and vCenter you could be missing some very serious issues. I’ve seen customers that had paths down and did not know about them. You could also be exceeding some threshold that could be pointing to something more serious. Basically there are a ton of small and large issues that you could discover with proper monitoring.

There are products from several companies like Veeam, Quest software. One of the tools that has impressed me a few times was the SCOM plugin called Veeam Management Pack. This is a very powerful tool that can be used by Windows shops that already have SCOM deployed and are monitoring. The plugin contains a ton of items that it monitors for and maybe the most extensive set of items that I have see out of any tool so far.

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

PHD Virtual Monitoring application review – Sponsored Post

I was contact by PHD to test and review their monitoring application. In all honesty I have never really paid much attention to PHD in the past. I had never come across their product in any customers so the need had never come up. But I had seen their ads and hear others discuss them so I was interested when asked. I will not attempt to sell you on the product or convince you otherwise, what I will try to do is give you an honest review of what I thought of the product and let you make your own choice.

The testing for this product was done in my home lab on a couple of hosts. So you might have a difference experience in your environment.

Product pitch:

 PHD Virtual Monitor is a comprehensive virtualization monitoring solution that gives you complete visibility across your entire virtual IT infrastructure at all levels including virtual, physical and application. Only with a complete view can you effectively ensure application availability.

I’m skipping the setup of the product, did not want to focus on that part. The image below shows the dashboard view of all the hosts, VMs and datastores that are being monitored. I think the dashboard was probably one of the things that I like most of the product. Now a dashboard view is not unique to this product, as most products these days offer one. I think PHD has provided a pretty simple to interpret display that lets me know the health of my environment. I can click on the icons for each item to drill down deeper. The information is organized into sections for hosts, virtual machines, storage and networking. I did not setup anything for storage or networking.

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

VMware vShield App best practices list

After a couple of recent projects that implemented vShield app in various ways I thought it would be good to start building a list of best practices. These are some of the suggestions that I have collected in working with different customers and VMware people. I will continue to update as new things come to light.

Consider reading my list of vCloud best practices when you are done with this list, since they are used together often.

vShield Manager

  • Do not deploy vShield manager appliance to a cluster that it will be protecting, can cause connection to itself and vCenter to be lost. (With vShield 5.0.1 you can exclude the appliance from protection, but I would still avoid)
  • Access to default services like DNS, syslog, NTP and other similar services that all your VMs need access to should be created as Layer 3 low precedence rules at the datacenter level.
  • To provide additional resiliency beyond HS considering using Fault Tolerance (FT) for protecting vShield Manager

 

vShield App instances (Appliances)

  •  When deploying use local datastore on host if available to prevent accidental vMotion
  • Consider setting DRS host affinity to make sure the vShield app appliance does not get vMotioned off of host, DRS is disabled by default for the appliance VM.
  • Follow vSphere hardening recommendations for virtual switches
  • Use Security Groups to group together server of same functions (Domain controllers, Web server, DB server etc.)
  • Ensure that the HA restart priority for the vShield App appliance is set to high to ensure it is the first to restart, making sure that its running before the VMs its protecting are started.

 

 

 

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

VMware Orchestrator ideas for workflow automation samples

I’ve been talking to a lot of customers lately on the  possibilities of VMware Orchestrator. Things like do they use it now, what they might be able to use if for in their current environment. But most of the discussions are in tandem with a vCloud design. Orchestrator has been a mystery for the last few years but VMware has been working on changing that since vSphere 5 was released. It is now being talked about more and 3rd parties are actively developing plug-ins to expand its abilities to automate other infrastructure.

I don’t plan on teaching you how to use Orchestrator, there is a good book by written by Cody Bunch on Orchestrator. What I do want to talk about is some ideas of what you might be able to use Orchestrator for and get your creativity flowing.

Orchestrator ideas:

Idea 1:

A workflow that clones a VM from a template , nothing exciting right. Well what if you could have the workflow do the customization part for you? So what does this mean, well the workflow could look at the template you are deploying from and then select a License Key for the proper OS that is being used. Then it could place the VM in the Active Directory OU of your choosing. Try doing this type stuff with standard vCenter customization templates, the licensing would take multiple customization files and the OU part would require the template to already belong to the OU you want it to end up in. This would add a lot of layers of complexity to your environment doing it the old way. But with a Orchestrator workflow you can accomplish this and make your admins lifes easier.

Idea 2:

The idea here is not that much different from Idea 1, but it involves VCD. So the idea would be that we have several Organizations setup inside of VCD and the VMs from each Org need to belong to a different OU in Active Directory. Well you probably say there is no easy way to do that. You are right but with Orchestrator we can create a blocking task and a workflow with logic in it that will listen to the request coming from VCD and do a look up for which Org is requesting the VM and match that to logic provided in the workflow that will let it know with OU to use.

Idea 3:

This idea came from one of the local VMware reps that I work with. The idea is to use Infoblox for IP and DNS management for vCloud. To make this work a blocking task would be created that would step in when a new vApp was created and use the Infoblox plug-in for Orchestrator. To give you an idea of how this would work in simple terms. You would deploy vApp and select that it grab an IP from a static pool in VCD. This allows the VM to be created but the IP is only temp and is taken from a small pool that is used just for this purpose. Then the blocking task will step in and request a permanent IP from Infoblox and register it with DNS. The workflow will then go back into VCD and change the IP address selection method to static-manual because it was now being provided from Infoblox.

These are some basic ideas but ones that I know people might be able to use. The whole idea is to get you thinking about what types of automation you might be able to accomplish with Orchestrator by providing some examples.

 

Update 10/29/2012

I thought it would be good to get others to submit their VCO automation ideas. I would like to find out what others are doing already with VCO or list ideas that you would like to try and automate with VCO. These should be tasks or things that are required in your environment on a regular basis that automation could be used to save time. You may already do these today with Powershell or something else. Lets share and help the community benefit.

As incentive I have a code for access to the online content from VMworld 2012. This will allow you to download the PDF versions of the slide decks and listen to the recorded sessions, there is also probably some other benefits that I have missed. I will award this to the best idea that seems both possible with VMware tools and would be beneficial to VMware shops.

 

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

How vShield App updates rules on appliances

While working on a recent project this question came up. If you create new vShield App rules in vShield manager how does it push these rules out to the vShield App appliances?

As an example you have a large environment with several clusters and you create and publish some new rules that affect only a couple of VMs. Will vShield manager push the rules out to every App appliance in the vCenter Datacenter, every cluster or just the cluster or host that has the VMs affected?

The answer is vShield manager only pushes out the rule updates to the vShield appliances that are affected. So only the ones that are protecting the VMs that the new rules apply to. As an example you can create vShield App rules at the datacenter level, cluster level, port group or per vNic. So based on what level the rule was created at and which App appliances are protecting that level determines where the rules are pushed to.

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More
Page 3 of 612345...Last »