vExpert 2019!

Happy to update that I’m now a 2nd Time vExpert 2019

I also would like to congratulate all the other returning vExpert NSX members and welcome to all new members joining for the 1st time!

Link to the Announcements!

https://blogs.vmware.com/vexpert/2019/03/07/vexpert-2019-award-announcement/

VMware NSX Data Center for vSphere 6.4.4 Released

So the latest patch update for NSX Data Center for vSphere has been released as of 14 Dec 2018.

The latest release finally includes even more support in the HTML UI in vSphere.

NSX User Interface

  • VMware NSX – Functionality Updates for vSphere Client (HTML): The following VMware NSX features are now available through the vSphere Client: Logical Switches, Edge Appliance Management, Edge Services (DHCP, NAT), Edge Certificates, Edge Grouping Objects. For a list of supported functionality, please see VMware NSX for vSphere UI Plug-in Functionality in vSphere Client.

Networking and Edge Services

  • Static Routes per Edge Service Gateway: increases from 2048 to 10,240 static routes for Quad Large and X-Large Edge Service Gateways.

Some other issues have also been resolved with the latest fix. Please stop by the Release Notes page to read about these: Release Notes 6.4.4

This means that we can manage more NSX features from vSphere. There is still no functionality to access the Edge firewall, VPN and routing, but in time that will hopefully be released.

Have a great winter Holiday

VMware Specialist – Cloud Provider 2019

Today I received the latest certification, called VMware Specialist – Cloud Provider 2019, after passing the exam last week.

The certification validates my expertise in deploying and managing VMware vCloud Director and demonstrates knowledge of the overall Cloud Provider Platform.

VMWARE VCLOUD DIRECTOR 9.5 Released and what’s new?

The new version of vCloud Director is being released and I wanted to do a quick writeup on what to expect with the new version and all the features that will be available.

Most interesting from my standpoint, if you are a developer working in a vCD cloud, are the new integrations with NSX-T and Kubernetes: being able to provision containers into the vCD cloud your company might have in place today. NSX-T is only in an initial integration at the moment, but will surely get full integration as we move forward with the product.

Read the full blog about the new version, and check out the datasheet here.

What’s new in vCloud Director 9.5?

Deeper Integration with NSX

• Integrated into vCD: universal transport zone, universal logical switch and universal logical router now integrated into vCD
• Local egress is supported, active-active or active-standby
• Stretch L2 network across org VDCs in different vCenters/PVDCs in the same site and across different sites
• Each network can be stretched across up to four Org VDCs
• IP address management (static and DHCP) for cross-VDC networks

Initial Integration with NSX-T

• NSX-T and NSX-V managers in the same vCD instance
• Regular vSwitch and DPDK vSwitch (ENS) for VLAN and Overlay
• Directed connected network (imported from NSX-T logical switch)
• Provider Virtual Datacenters allow clusters of hosts with and without ENS

HTML5 UI

• Complete tenant user experience, including:
    • User Management
    • RBAC Management
    • Organization Management
• Expanded Provider Portal:
    • RBAC Management
    • Organization VDC Management

Improved RBAC

• Cascading levels of access
• Implement a flat, consistent, intuitive set of rights

What are the key features of VMware vCloud Director?

• Multi-tenant Resource Pooling: easily create virtual datacenters from common infrastructure to cater to heterogeneous enterprise needs. Policy-driven approach ensures enterprises have isolated virtual resources, independent role-based authentication and fine-grained access control.

• Multi-site Management: stretch data centers across sites and geographies and monitor these resources across sites from a single pane of glass.

• 3rd-party ISV Services: vCloud Director has an extensible UI that can be leveraged by 3rd-parties and Cloud Providers to natively integrate and publish services on the vCloud Director UI. For example, Dell EMC Avamar has natively integrated their Data Protection capabilities right onto the vCD UI.

• Datacenter Extension and Cloud Migration: enable simple, secure VM migration and data center extension with vCloud Director Extender. Allows for true hybridity, enterprise-driven workflows, seamless connectivity and cold or warm migration options.

• Operational Visibility and Insights: refreshed dashboard for centralized multi-tenant cloud management views. Leverage vRealize Operations’ native integration with vCloud Director using advanced analytics, chargeback and more for deep visibility into enterprise environments.

• Containers-as-a-Service: vCloud Director provides an easy on-ramp for enterprises, by delivering containers and VMs in the same virtual datacenter and faster time-to-consumption for Kubernetes, using the Container Services Extension.

2018 vExpert NSX

Happy to update that I’m now a vExpert NSX 2018.

I also would like to congratulate all the other returning vExpert NSX members and welcome to all new members joining for the 1st time!

Link to the Announcements:

https://blogs.vmware.com/vexpert/2018/08/17/vexpert-nsx-2018-award-announcement/

What’s new and awesome with VMware NSX for vSphere 6.4.1 features and licensing.

I wanted to share some important changes in the latest version update, NSX for vSphere 6.4.1, which was released on May 24 2018.

With this release VMware has created a new licensing model. It is not completely different from before, but it has some new additions that are good to be aware of if you are planning to start using NSX.

The new license release is named VMware NSX Data Center, with the same tiers as before: Standard, Advanced, Enterprise Plus and Remote Branch Office.

There are some differences compared to what was available before.

When it comes to the Advanced and Datacenter Advanced Editions and Enterprise Plus and NSX Data Center Enterprise Plus editions

Comparing the Advanced editions, from 6.4.1 you get the following changes.

Cross vCenter Networking & Security

Controller Architecture

  • Universal Controller for X-VC

Switching

Overlay to VLAN bridging
  • Hardware VTEP (OVSDB) with L2 Bridging
  • Universal Distributed Logical Switching

Distributed Routing

  • Universal Distributed Logical Router

Edge Routing N/S

  • Egress Routing Optimization in X-VC

The above editions give organizations the opportunity to run cross-vCenter NSX with all the features that are required. This was something you needed an Enterprise Plus license for before.

Regarding the license for NSX Data Center Enterprise Plus you get the following additions compared to Enterprise Plus:

The Description for it states the following:

NSX Data Center Enterprise Plus: For organizations that need the most advanced capabilities of NSX Data Center, plus vRealize Network Insight for network visibility and security operations, and NSX Hybrid Connect for hybrid cloud mobility.

This means as of version 6.4.1 of NSX if you buy the licenses for Advanced Plus you will also get licenses included for running vRealize Network Insight.

This is a great thing, since it means that you will have the ability to do all the things that vRNI offers.

For all of you who do not know vRealize Network Insight or want to know more about it, you can read more at this link.

To read the release notes and the comparison of the editions, please see the links referenced below:

https://kb.vmware.com/s/article/2145269

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_641.html

I’m also writing this blog post on the site of my company, Real Time Services, so please visit that one if you need more information or help implementing NSX or any other VMware-related products.

Have a great Summer!

Jimmy….

VMware Empower 2018

I’m in Atlanta this week for the VMware Empower 2018 Conference.

I will update this page with the workshops I will be attending and with information that is not under NDA.

The Empower 2018 has started

Here are the keynote takeaways:

General session:

Things to look out for

VMware Cloud on AWS

AWS Greengrass – allowing select AWS services to run on vSphere in the data center or at the edge (IoT)

Plan your migration to VMware Cloud on AWS session:

  • Cloud Migrations
  • Data Center Extension
  • Disaster Recovery

Before you embark on the trip to migrate your workloads over to VMware Cloud on AWS, it is important to do an assessment and case study of the applications that you are currently running in your on-premises datacenter.

Gather the data and information

Make sure to find application dependencies

Estimate the total cost per year that you as a company have today for running a certain application on-prem (datacenter, cooling, power consumption, OPEX and CAPEX costs etc.) and compare this with running it in the cloud. Maybe it is a fit for your need or maybe it’s not.

A thorough assessment beforehand can save you a lot of time and money in the end.

It is also important to know that it is free to run 10 applications for evaluation in VMware Cloud on AWS for 3 weeks at this point in time.

Remember to perform network and cost insight and confirm how the process of migrating to the cloud looks.

VMware vExpert 2018

Hey great news today, I’m happy to announce that I have been awarded vExpert 2018 status by VMware. Click the link to see my profile.

The official vExpert 2018 announcement is here. I would also like to congratulate my fellow Real Time Services colleagues Anders Olsson and Johan Blom for also claiming the vExpert 2018 award. I’m privileged to be in the company of such talented colleagues.

Thank you all for reading my blog. I will make sure to keep up the work of spreading knowledge in SDN, Virtualization and Automation.

I’m open to your feedback on what you would like to know more about so feel free to throw your comments my way!

NSX 6.4 Released and a look at the Upgrade Coordinator

NSX 6.4 Released

Yesterday, 16/1-2018, the new release of NSX 6.4 was released. Here is a link to the Release Notes.
There are a bunch of new features in this release, and the top ones to me are the following:

Operations and Troubleshooting:
  • Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one-click or custom upgrade plans and pre- and post-checks.
  • A new improved HTML5 dashboard is available along with many new components. Dashboard is now your default homepage. You can also customize existing system-defined widgets, and can create your own custom widgets through API.
  • New System Scale dashboard collects information about the current system scale and displays the configuration maximums for the supported scale parameters. Warnings and alerts can also be configured when limits are approached or exceeded.
  • New Packet Capture tab is available to capture packets through UI. If there is a host which is not in a healthy state, you can get the packet dump for that host, and administrator can examine the packet information for further debugging.
  • You can now enable Controller Disconnected Operation (CDO) mode from the Management tab on the secondary site to avoid temporary connectivity issues. CDO mode ensures that the data plane connectivity is unaffected in a multi-site environment, when the primary site loses connectivity.
  • API improvements including JSON support. NSX now offers the choice of JSON or XML for data formats. XML remains the default for backwards compatibility.

Security Services:
  • Identity Firewall: Identity Firewall (IDFW) now supports user sessions on remote desktop and application servers (RDSH) sharing a single IP address, new “fast-path” architecture improves processing speed of IDFW rules. Active Directory integration now allows selective synchronization for faster AD updates
  • Distributed Firewall: Distributed Firewall (DFW) adds layer-7 application-based context for flow control and micro-segmentation planning. Application Rule Manager (ARM) now recommends security groups and policies for a cohesive and manageable micro-segmentation strategy.

NSX Edge Enhancements:
  • Enhancement to Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.
  • Improvements to L3 VPN performance and resiliency.

A look at the Upgrade Coordinator

 

Update NSX Manager:

I went ahead and grabbed the NSX Upgrade Bundle tar file from the My VMware portal and logged in to the NSX Manager.

I uploaded the file and let the NSX Manager upgrade itself to 6.4.

NSX 6.4 Flash, HTML5 UI

When all was done I logged in to vSphere. I checked both the Flash and the HTML5 UIs, and you are able to run the Upgrade Coordinator from both. The HTML5 UI is still lacking all the features for NSX Manager, but just for fun I went with the HTML5 one.

Network and Security for NSX is now viewable in the vSphere HTML5 UI, and selecting it will go into the NSX Manager part.

Start Upgrade Coordinator:

Now we see the all new Upgrade Coordinator and we can select to start to Plan Upgrade:

Select Upgrade Plan:

We are met with two options:

  • Plan Your Upgrade
    • You can customize and manage the upgrade by choosing components
  • One Click Upgrade
    • System plans and manages the entire process for you

So the difference between the options comes down to what fits your needs the most. In case you have a small NSX deployment, One Click Upgrade could be an option. But in case you have a large NSX environment with several host clusters and a lot of different NSX Edges deployed, and you need more granular control, then the Plan Your Upgrade path is the way to go.

Starting off by selecting One Click Upgrade, we see that there aren’t many options other than selecting and starting the upgrade job, and then letting the system take over the planning and scheduling of the upgrade.

I like to have a bit more control in my environment, so I went back and chose the Plan Your Upgrade option:

Plan Content:

We see that we now have the option to select the components that we would like to plan to upgrade. The only component that is not possible to deselect is the NSX Controllers, and upgrading them is a prerequisite anyway before we can upgrade any of the other components.

  • Controllers
  • Clusters
  • NSX Edges
  • Service VMs

We also have two checkboxes that define the Pause Upgrade Options. These might be good to enable in case there is a failure in the upgrade process and you need to stop and troubleshoot.

  • Pause between components
  • Pause on Error

Plan Host Clusters:

In the next screen we plan the clusters that we intend to upgrade the Host NSX vibs and components on. Here we have the option to:

  • Add
  • Edit (Edit a cluster and deselect hosts that we do not intend to upgrade the vibs for)
  • Delete
  • Include
  • Exclude
  • and prioritize the clusters in order with Up and Down

Since I only have one cluster, I continued with my planning and moved on to plan the Edges.

Plan NSX Edges:

On this screen we can plan the NSX Edges we intend to upgrade in the environment. Maybe you sit in an environment where you are not responsible for upgrading the NSX Edges, or the Edges carry production traffic that requires a maintenance window, since you have standalone Edges in that environment that cannot tolerate a network loss due to the upgrade and redeployment of that Edge appliance. Then this screen is important to make sure you exclude those Edges.

Review Plan:

When the planning of the Edges is completed, we proceed to the last screen to start the upgrade.

Upgrade Status:

The upgrade has now started and we can click on View Details for the Upgrade Plan Progress to see the status for each of the components.

I also went into vSphere and checked the Controller status in the Management pane in NSX and saw that the update was in progress.

Upgrade Paused:

Since I chose the option to pause between the components being upgraded, the upgrade was paused after the Controllers were upgraded successfully.

The next step is the upgrade of the host VIB components, and the Upgrade Coordinator will take care of everything here. That means taking the hosts down one by one into Maintenance Mode, installing the NSX VIBs and then continuing with the next host in the cluster until all are completed. Pretty smart!

Upgrade Complete:

All the components were now upgraded and successful.

Upgrade History:

There is also a history saved for all the upgrades that have been performed in the environment. Clicking that, we can see that we have gone from v 6.3.5 to 6.4 and the date when it happened.

That is it. I hope you enjoyed this deep dive and walkthrough of the Upgrade Coordinator.

Upgrading NSX Controllers to NSX 6.3.3 or later deletes any associated DRS anti-affinity rules

So this post is a follow-up and somewhat related to my previous post regarding the upgrade of NSX Controllers not retaining the syslog configuration.

I also noticed that the current DRS anti-affinity rules are deleted when upgrading the NSX Controllers to 6.3.4. This is documented in the VMware upgrade docs for the NSX Controllers.

Important:
In NSX 6.3.3 the underlying operating system of the NSX Controller changes. This means that when you upgrade from NSX 6.3.2 or earlier to NSX 6.3.3 or later, instead of an in-place software upgrade, the existing controllers are deleted one at a time, and new Photon OS based controllers are deployed using the same IP addresses.

When the controllers are deleted, this also deletes any associated DRS anti-affinity rules. You must create new anti-affinity rules in vCenter to prevent the new controller VMs from residing on the same host. VMware Docs

So with this in mind I wanted to find out how to quickly check whether I had any rules left and, if not, recreate the anti-affinity rules for the NSX Controllers. So I went on to create some PowerShell code that I will share:

$credentials = Get-Credential
$VCenters = "vcenter01"  ##### Replace with your vCenter Server names

## A function that lists the DRS rules named *Controller* in every cluster
Function Get-DRSAffinityEverywhere {
    foreach ($Vcenter in $VCenters)
    {
        ## Connect to one vCenter at a time (the loop variable, not the whole list)
        Connect-VIServer $Vcenter -Credential $credentials
        $Clusters = Get-Cluster
        foreach ($Cluster in $Clusters)
        {
            ## Show each matching rule together with the names of its member VMs
            Get-DrsRule -Name "*Controller*" -Cluster $Cluster | Select Name, Enabled, Type,
                @{Name="VM"; Expression={ $iTemp = @(); $_.VMIds | % { $iTemp += (Get-VM -Id $_).Name };
                  [string]::Join(";", $iTemp) }}
        }
        Disconnect-VIServer -Force $Vcenter
    }
}

So if we were to find any anti-affinity rule whose name contains Controller, then we do not need to do anything; if not, we need to recreate the rule and add the NSX Controllers to that rule.

Get-DRSAffinityEverywhere

Name          Port       User 
----          ----       ---- 
vcenter01     443        local\vcuser

Since it was empty, we now run the following script to fetch the cluster where the NSX Controllers are (in my case its name ends with 01, so I filter on that) and create the rule.

## Separate NSX Controllers with Anti-Affinity Rule

$credentials = Get-Credential
$VCenters="vcenter01"
Connect-VIServer $VCenters -Credential $credentials

## Get the Cluster that has name containing 01.
$cluster = Get-Cluster -Name "*01*"
$cluster

## Get the VMs that contains Controller
$antiAffinityVMs = Get-VM -Name "*Controller*"
$antiAffinityVMs

## Create a new DRS Rule that separates (KeepTogether=false) the VMs 
New-DrsRule -Cluster $cluster -Name "Separate NSX Controllers" -KeepTogether $false -VM $antiAffinityVMs
Disconnect-VIServer -Force $VCenters

We can now Run the command Get-DRSAffinityEverywhere once more to check that the VMs have been added to the Anti-Affinity Rule.

Get-DRSAffinityEverywhere

Name         Port     User 
----         ----     ---- 
vcenter01    443      local\vcuser

Name : Separate NSX Controllers
Enabled : True
Type : VMAntiAffinity
VM : NSX_Controller_0101010101;NSX_Controller_101010101;NSX_Controller_1111000001111

Or check in VMware vSphere WebClient.
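
As an added example (not the author's script), the check below goes a step further than listing rules by name: per cluster it confirms that one enabled anti-affinity rule contains every controller VM and that no two controllers currently share a host. It assumes an active Connect-VIServer session and the same "*Controller*" name filter the post uses; the function name Test-ControllerAntiAffinity is hypothetical.

```powershell
# Added example: audit NSX Controller separation per cluster.
# Assumes an active Connect-VIServer session. The function name and the
# default "*Controller*" pattern (the filter used in the post) are assumptions.
function Test-ControllerAntiAffinity {
    param([string]$NamePattern = "*Controller*")

    foreach ($cluster in Get-Cluster) {
        # Only controller VMs that actually live in this cluster
        $vms = @(Get-VM -Name $NamePattern -Location $cluster -ErrorAction SilentlyContinue)
        if ($vms.Count -lt 2) { continue }   # nothing to separate here

        # Enabled anti-affinity rules defined on this cluster
        $rules = @(Get-DrsRule -Cluster $cluster |
            Where-Object { $_.Enabled -and $_.Type -eq 'VMAntiAffinity' })

        # A rule only protects the controllers if it lists every one of them
        $fullRule = $rules | Where-Object {
            $ids = $_.VMIds
            -not ($vms | Where-Object { $ids -notcontains $_.Id })
        } | Select-Object -First 1

        # Hosts that currently run more than one controller
        $shared = @($vms | Group-Object { $_.VMHost.Name } |
            Where-Object { $_.Count -gt 1 })

        [pscustomobject]@{
            Cluster     = $cluster.Name
            Controllers = ($vms | ForEach-Object Name) -join ";"
            Rule        = if ($fullRule) { $fullRule.Name } else { "" }
            SharedHosts = ($shared | ForEach-Object Name) -join ";"
            Compliant   = [bool]$fullRule -and ($shared.Count -eq 0)
        }
    }
}

# Report clusters where the controllers are not (or not yet) separated
Test-ControllerAntiAffinity | Where-Object { -not $_.Compliant } | Format-List
```

The name filter also matches any other VM with "Controller" in its name, so tighten the pattern to your own controller naming scheme before relying on the result.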

 
