While doing some lab work for a vCloud private cloud design, I noticed a strange behavior  on virtual machines that are imported into vCloud from vCenter. Not something that I had noticed in past for some reason, but it really struck me as odd for the tests that I was trying to work on.

What I found was that when importing a VM from vCenter into one of the organizations in my lab cloud, was that the vNic on the VM was still attached to the vSphere port group. Now this really should not be possible as vCloud is suppose to abstract this from your view in the cloud. How I came to notice it was when I tried to set it to obtain an IP from the pool that was configured for the external network attached to my Org network that I thought I was using. It kept returning the error that no IPs were available in the pool, which I knew was wrong because I had checked it several times. What tripped me up was I used a similar name for my vCloud network as my port group so it did not sink in right away.

What the error was really trying to explain was that the vSphere port group on the host did not have an IP pool configured and could not give the VM an IP. This all struck me as very weird because I expected vCloud to assign the vNic to a valid network within my Org much like it handles the placement of VMDK files for storage when importing.

So the fix was to edit the virtual machine within vCloud and under the network drop down I was able to add in an Org network that already existed. Which was more confusing than it needed to be, because it makes you think you are adding a new network rather then just attaching one. I have included an example below.

Example:

The image below shows the network settings shown when editing the VM. I added in the Public-org network from vCloud afterwards, you can also see the different icons next to the networks listed.

In the next image I am showing the external networks that are setup within vCD. These are mapped directly to vSphere port groups shown in the far right column. The red box is around the “VM Network” port group that exists in vSphere but was clearly still attached to the imported VM.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status for 2012 & 2011. VCP3, VCP5, VCA-DT, VCP5-DT, Cisco UCS Design

• Mail
|
• Web
|
• Twitter
|
• LinkedIn
|
• More Posts (189)

This something that I wrote last year during the vSphere 5.0 beta and I had intended on using it with another project. After holding it for a longtime I finally decided to publish it here. There will be some other related content coming soon.

With the release of vSphere 5, VMware has entered the era of ESXi only hypervisors. This has been promised by VMware for the last couple of years, so it should be of no surprise to anyone. The ESXi platform has under gone a big coming of age journey since its first release. With each new version and update the ESXi platform has narrowed the feature gap that had previously existed with its brother ESX classic.

With this release VMware’s type 1 hypervisor has entered its fifth generation and in this book we are going to assume that you have a base level of experience. We will not be holding your hand showing each step of a base installation. We will be talking about topics that concern admins on important projects, daily tasks and showing you how to accomplish some of the new features in vSphere 5.

Upgrade considerations and dependencies

With any VMware related upgrade there are numerous items that should be considered when planning to move to the next release. Whether you’re going to be upgrading using existing hardware or purchasing new servers. You need to spend the time to examine the parts of your servers and validate they are supported by the release of vSphere that you plan on using. This can be done by using the VMware HCG or Hardware Compatibility Guide also commonly referred to as the HCL.

The release of vSphere 5 offers most of the same paths for upgrading, but also offers some not possible in the past. To make this easy to digest we have created Figure 1.0 that covers the upgrade paths and if they are possible with ESXi 5. Each of these methods will be expanded upon within the sections of this chapter.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status for 2012 & 2011. VCP3, VCP5, VCA-DT, VCP5-DT, Cisco UCS Design

• Mail
|
• Web
|
• Twitter
|
• LinkedIn
|
• More Posts (189)

In talking with different customers I have been getting questions about how would clusters be sized and utilized in a vCloud environment. Before we get too far into the details I will give a brief overview on how capacity is presented to vCloud.

When setting up resources or capacity within vCloud you have to first create Provider Virtual Datacenters (vDC). These provider vDCs map back to either a single vSphere cluster or resource pool. This means that depending on your decision to scale out or up you will end with either large pools of capacity or more smaller ones. There are many reasons that you might do either option so I won’t go into that discussion.

At the end of the post I have described the three options for allocating resources to Organization vDCs. These provide you with different methods to assign, guarantee or over commit resources. With any of these you will need to decide how you will construct your HA clusters for vSphere that will support your cloud.

So you might be wondering what effects an HA cluster could have on your cloud. Well to give you a simple example depending on what options you use to build your HA cluster could allow tenants of the cloud to provision too many VMs and upon a failure all VMs might not be able to restart, or when provisioning a new vApp the VM would not be able to start because it failed admission control. These are just some of the things to think about along with what level of failure will you design for. Do you need to be able to sustain one host failure (N+1) or two host failures (N+2).

Example 1: You configure a vSphere cluster for HA and allow it to sustain up to 1 host failure or specify the percentage of cluster resources that it will reserve for spare capacity. Now both of these 2 methods do their best to guarantee there are resources available for fail over. Back in the server virtualization days you had an Admin team that managed this and the provisioning to make sure the limits are not violated. But in a vCloud deployment you will need to allocate these resources to vDCs. Depending on which allocation method you choose, you might be over committing resources or allocating 100% of them, see options at the end of this post. This could allow the cloud tenants to provision too many vApps and causing them to not start or not start after a host failure.

To avoid this issue you need to architect your clusters and vDCs paying close attention to your sizing and how you allocate the resources. Also when adding capacity to a cluster you will need to modify the settings on the vDC in vCloud to accommodate the capacity that was added to the cluster paying close attention to not get your calculations out of whack.

Example 2: This method is something that I have never been much of a fan of for straight server virtualization but sometimes use if for cloud designs. In this option a Failover host would be specified, this host would be waiting to take over for a host failure. In this design you would not be able to allocate these resources since they are not available for use. This is usually regarded as a waste when people hear that a host will be sitting there doing nothing. But it does accomplish what we are trying to do.

Now when creating your vDCs in vCloud you can allocate up to 100% of the resources since there is now dedicated failover capacity. I personally don’t like to allocate 100% even in this scenario, I like to use something in the 90-95% range which allows for a little bit of breathing room. You could also take the route of allocating less of a percentage and then using it to increase capacity as needed.

When you expand the cluster you still need to edit the vDC in vCloud to allocate the newly added capacity. But it will be a much more straightforward process. Because all you have to do is increase the resources to the level that you had previously chosen. For example we  had 4 hosts allocated at 100% and we added a 5th host, when we edit the vDC we will see the allocation down to about 80% of total resources. So all that is needed is to increase to 100% again. This makes the process of scaling a little more easy to understand.

The image below shows the different allocation models available in vCloud. Each offers different ways to allocate resources to Organizations but requires some different planning when making the decision. You can use a cluster to provide resources to one type of allocation method or mix and match them. But mixing allocation methods that are getting their resources from a single cluster requires you to pay close attention to how many resources are allocated to each vDC.

Pay as you go model:

With this model you can set the amount of CPU and Memory that you will guarantee to the each VM. This allows you to over commit resources if you desire. There are not any resources committed to an Organization until a vApp is deployed. The image below shows the available resources and what you are going to guarantee. Also gives an estimate of how many virtual machines could be created with these settings.

Allocation model

In this model you are allocating an amount of CPU and Memory resources to an Organization in vCloud, but you do not have to guarantee them anything. For example you could allocate them 5GHz of CPU but only guarantee 50% of that amount to them. This allows for overcommitment if desired.

Reservation model

In the last model you are reserving capacity to an Organization. Much like the allocation method you allocate CPU and Memory, but this model guarantees all the resources.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status for 2012 & 2011. VCP3, VCP5, VCA-DT, VCP5-DT, Cisco UCS Design

• Mail
|
• Web
|
• Twitter
|
• LinkedIn
|
• More Posts (189)

After working on a bunch or larger VDI projects last year there was usually several conversations with the security teams of these enterprises that don’t seem to get much press in the VDI world. Lets face it, VDI is new for most of us but it is a total shift for your security team to wrap their heads around this new portable desktop idea. In today’s world the security team is used to their being a hard drive in a PC that captures the activities of the employee for the life of that computer. So if some event takes place and they need to investigate or do forensics on the PC all is there, even if someone tried to cover their tracks.

So the default response of these security team members when you talk VDI and ask what do they need kept from a Windows desktop to be able to do their work? Is they need everything!! Well that does not mesh up with the idea of linked clones, floating pools and the idea of a layered desktop image.

When VDI is done right you are separating the images into layers that include the operating system, applications and user profiles. These layers are then presented back to a user upon login and looks like a personalized desktop for them. But with this method the actual operating system (OS) is some what disposable, meaning that you are reading from a master copy or golden image that is read only. This golden image is shared by all of the users and allows for the desktop to be refreshed at each logoff or on a regular basis keeping the desktops clean. This also allows for easy patching of your virtual desktops, but that is enough of a VDI lesson.

The really fun conversations happen with security when they find out that desktops are created and destroyed automatically and things like page files and temp folders that they are used to have around for the lifetime of the PC are being trashed and recreated on a regular basis. But if you work closely with your security team and find out how their tools work and what parts of an OS or user profile need to be preserved a plan can be formulated and factored in when creating your VDI design.

There are other factors and processes that security is concerned about besides forensics. They will need to adapt the process that cover what is done when an employee is let go for example. Since there is not a desktop that can be held until the process is complete, you will need a method to freeze their VM in time and not allow it to be used by others.

These are all very important conversations and processes to be considered when creating your enterprise virtual desktop design. Make sure to include all necessary teams that will have a stake in your new environment and invite the security team to the table earlier rather than at the last minute. I know nobody likes to talk to those security guys but addressing their questions and concerns earlier will prevent them from putting the breaks on your project in the final stages, until you are able to adapt and meet their demands.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status for 2012 & 2011. VCP3, VCP5, VCA-DT, VCP5-DT, Cisco UCS Design

• Mail
|
• Web
|
• Twitter
|
• LinkedIn
|
• More Posts (189)

I’ve been building a list over time of things that have frustrated me about vCloud Director (vCD) or items that I thought would make it better. I’ve been writing this post for awhile and a couple of recent projects brought up some new items and made me realize its time to publish this. I am in no way bashing VMware or vCD by creating this post. I think vCD is a great product and for customers that can take advantage of its features should be looking at deploying it. I am simply trying to suggest improvements and communicate feedback from customers. My goal is to see vCD grow into the best product possible and dominate the cloud market. I also realize that most cloud platforms are pretty immature and that vCD is just a revision 1.5 product so it will improve over time.

But I see VMware pouring a ton of resources and pushing development of VMware View pretty fast over the last 18 months and would also like to see that same type of aggressive development on vCloud Director.

1. Support for Multi-site vCD deployments – What I am hearing is customers want to manage their private cloud from one portal. So for example an Organization within vCD could have several Org vDCs that represent geographically dispersed data centers. No need to vMotion or move workloads around just be able to provision from one portal and manage vApps from a single portal. What might be a good step here is separate vCD deployments that can work in Linked mode much like vCenter can today.

2. Further integrate vCenter Orchestrator with vCD – This one is a big one for me and heavily requested by customers. What this means is when deploying a vApp there should be an easy way to kick off an orchestrator workflow as part of the provisioning process. This is needed to achieve a lot of the orchestration that customers are looking for. I know there are things you can do today with AMPQ, but I’m talking about real integration that much like other products offer today.

3. Edit OS disk size – this is not a huge one but the ability to edit the size of the OS disk would be good. If using Linked Clones I know your going to be limited but if customers are not using fast provision then this would be helpful.

4. Better looking customer portal – This is something that I hear often from clients. Sure the portals are functional but they are still very infrastructure looking and not all that friendly to end users. Clients are looking for something more Web page looking and easy to understand. I as a techie person can find my way around with ease but I’m used to working with this kind of stuff. The Amazon AWS portal is nothing sexy but its link based and pretty easy to understand for new users.

5. Ability to allow disks of a vApp on different datastores and storage Tiers – This is also a big one for me and customers. A good example for this would be an SQL server, the common config would place the OS, temp DB, logs and DB on different disks. These disks could be on different datastores and also be on different Tiers of storage. Currently VMware recommends not mixing tiers of storage within a provider vDC. This is because you cannot control which datastore a vApp will get deployed on and performance could vary based on where the vApp landed. So I have a couple of ideas that might help with this. First one is when deploying the vApp have an option to automatically place the disks for you much like today, but if you unchecked the auto option the user would have the ability to manually select the datastores for each disk in the vApp. The second option would be to use Profile Driven storage options new to vSphere 5 for each datastore within the provider vDC, and when importing the vApp you could assign a storage profile for each disk of the vApp and this would be followed when deploying new vApps from this template. Typically when people want to offer self service deployment they are trying to make the process easy with few decisions, but they still want to offer the ability to do advanced configs.

6. Integrate vShield App with vCloud – This is of medium importance but growing fast. What I mean here is from the organization portals the users should have the ability to config vShield app security groups and firewall rules for the groups. This way after deploying a vApp they could secure it and open the proper ports. This is something that is possible in Amazon today and customer are looking for this. I would say that companies deploying private clouds are not that interested in this but service providers and customers that have servers that are internet connected want this ability. Today there is similar function like this possible for the limited version of vShield Edge that’s bundled with vCD so I don’t think this is out of line.

I will be adding to this list as I think of more items or as things come up during discussions with customers. I would also like to encourage others to leave suggestions in the comments or reach out to me with them and I will add them to the list. Hopefully VMware is hard at work on some or all of these items and we will see them soon in future releases.

I tossed in a couple of funny pictures for motivation, now get coding.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status for 2012 & 2011. VCP3, VCP5, VCA-DT, VCP5-DT, Cisco UCS Design

• Mail
|
• Web
|
• Twitter
|
• LinkedIn
|
• More Posts (189)