In this follow-up post I continue with the installation of the second DC site, called DC2.
Here is the overall picture of how it will look in vCenter when done.
Mar 30 2017
Mar 22 2017
In this blog post I will set up a full vCenter with NSX environment.
The setup is going to contain:
1 Domain Controller based on Windows Server 2016
1 RDS Remote Desktop Server used for maintaining the environment
2 Management ESXi hosts
2 Compute ESXi hosts
1 Openfiler iSCSI VM used to provision shared storage to ESXi hosts.
Inside the ESXi hosts I will then set up:
1 VCSA 6.5 – vCenter Server Appliance 6.5
1 PSC – Platform Service Controller
1 NSX Manager
3 NSX Controllers
The purpose of doing this is to have a fully usable vAPP Datacenter (DC1) lab environment for training and learning about VMware NSX.
In the continuation, in another blog post, I will clone the vAPP created and set up a second vAPP Datacenter called DC2. This is for connecting the two DCs together to test out the Cross vCenter with NSX design that I will discuss later on.
Feb 08 2017
Here are some random esxcli commands that are useful when working with vSphere and Hosts.
The commands are also very good to learn when studying for the VCAP6-DCV Deploy (VMware Certified Advanced Professional 6) certification.
Autodeploy:
add-esxsoftwaredepot c:/files/esxi6.0.zip
get-esximageprofile
new-deployrule -Name "deployment" -Item "ESX-image", "Staging host" -pattern "ipv4=192.168.0.10-192.168.0.20"
add-deployrule -Deployrule "deployment"
get-deployruleset -active
get-executionpolicy
set-executionpolicy unrestricted
add-esxsoftwaredepot c:/depot/vib-offline_bundle.zip
add-esxsoftwaredepot c:/depot/esxi6.5-offline_bundle.zip
get-esxsoftwarepackage
get-esximageprofile
new-esximageprofile -cloneprofile original_profile_name -name "profile_name"
get-esximageprofile
add-esxsoftwarepackage -imageprofile "profile_name" -softwarepackage package_name -Community
export-esximageprofile -imageprofile "profile_name" -filepath c:/depot/esxi-profile_name.iso -exporttoiso -force

Vmware Update Manager Download Service:
vmware-umds -S --enable-host --enable-va
vmware-umds -S --patch-store c:/Patches
vmware-umds -S --add-url https://host_url/index.xml --url-type HOST
vmware-umds -S --add-url https://appliance_url/index.xml --url-type VA
vmware-umds -D
vmware-umds -E --export-store C:/vmware_download

VMFS resignature:
esxcli storage vmfs snapshot list
esxcli storage vmfs snapshot resignature -l 'volume_name'

MASKING:
esxcfg-mpath -l
esxcli storage core claimrule list
esxcli storage core claimrule add -u -t location -A vmhba2 -C 0 -T 0 -L 0 -P MASK_PATH
esxcli storage core claimrule load
esxcli storage core claimrule run
esxcli storage core claiming reclaim -d naa.010101010100101

ATS SCSI locking:
esxcli storage vmfs lockmode list
esxcli storage vmfs lockmode set -a -l VMFSlabel -u VMFSUUID
esxcli storage vmfs lockmode set -s -l VMFSlabel -u VMFSUUID

Custom TCP/IP stack:
esxcli network ip netstack add -N="CustomTCPstack"

Configure vSS with CLI:
esxcli network vswitch standard list
esxcli network vswitch standard add -v vswitch0 -p 10
esxcli network vswitch standard portgroup add -p testpg -v vswitch0
esxcli network vswitch standard uplink add -u vmnic1 -v vswitch0
esxcli network vswitch standard portgroup set -a vmnic1 -p testpg
esxcli network ip interface add -i vmk1 -p testpg
esxcli network ip interface ipv4 set -t static --ipv4=192.168.0.10 -N 255.255.255.0 -i vmk1
esxcli network vswitch standard set --mtu=9000 -v vswitch0

ESXTOP:
esxtop -W
esxtop -b -d 2 -n 1 > out.csv
vm-support -p -d 2 -i 1
./reconstruct
tar xvf esxi.tgz
esxtop -R esxidirectory
vscsiStats -l
vscsiStats -s -w 90909
Jan 27 2017
This week I have dedicated myself to learning how to create a Workflow in vRealize Orchestrator in order to create an XaaS (Anything as a Service) blueprint in vRealize Automation.
The problem is this: I have created a multi-machine blueprint in vRA (see previous post) that creates Windows VMs behind an Edge Loadbalancer. Now I want to make sure that it is only possible to RDP to the VMs by using the IP address of the LB VIP. So, together with NSX micro segmentation, I want to block all RDP connections directly to the VMs and only accept them to the LB VIP.
In vRO I have created a REST API connection against the NSX Manager. Let’s call it nsxmanager.local
A great thing to have on hand when doing this kind of work is the VMware NSX REST API documentation; here is the link.
Aside from working in vRO, I am also using a standalone REST API client called Insomnia, so that I am able to test and fetch information about the objects I want to GET or POST as I’m trying to build my code. Here is the link to that application.
Next I have created a new Workflow in vRO that is called ”Create LB IPset, Security Group and Security Policy”.
The Workflow will be built with four scriptable tasks, each doing its own separate thing as described in these bullet points.
Here is what I want to do in each scriptable task.
Retrieve the name and Edge IP of the Edge Loadbalancer from NSX with a GET command in the REST API.
Pass the Edge LB name and IP onward, create a new IPSet with the name of the Edge LB, and add the IP from the Edge to the IPSet.
Pass along the IPSet Object ID and IPSet name to create a Security Group with the name of the IPSet, and add the IPSet Object ID to the Security Group created.
This is done with the POST REST API command.
Last, GET the name of the PolicyGroup called ”int30 Security Policy”, modify the XML information, and add the Securitypolicy for the Edge IPSet to the Policy.
The rule that will be created will contain the SecurityGroup ID and the Application ID and Name for RDP, and set a firewall rule to allow ANY against the Security Group.
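The IP set and security group tasks described above can be sketched as plain JavaScript payload builders. This is an added example, not the workflow code from this post: the endpoint paths, the "globalroot-0" scope, the XML element names and the sample edge name are assumptions to check against the NSX REST API documentation for your version.

```javascript
// Added example, not the post's workflow code. The paths, the scope and the
// XML element names are assumptions; verify them in the NSX REST API docs.
const SCOPE = "globalroot-0";

// Edge names come from NSX inventory; escape them before placing them in XML.
function xmlEscape(s) {
  return String(s).replace(/[&<>"']/g, function (c) {
    return { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" }[c];
  });
}

// Accept only one dotted-quad address, so a malformed VIP can never widen
// the IP set to a range or CIDR block by accident.
function isIPv4(s) {
  const parts = String(s).split(".");
  return parts.length === 4 && parts.every(function (p) {
    return /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255;
  });
}

// IP set task: set named "IPSet-" + edge name, holding only the LB VIP.
function buildIpSetRequest(edgeName, vip) {
  if (!isIPv4(vip)) throw new Error("VIP is not a single IPv4 address: " + vip);
  const name = "IPSet-" + edgeName;
  return {
    method: "POST",
    path: "/api/2.0/services/ipset/" + SCOPE,
    name: name,
    body: "<ipset><name>" + xmlEscape(name) + "</name><value>" + vip + "</value></ipset>"
  };
}

// Security group task: group with the IP set's name and the IP set as its
// only member. The object ID is the value returned when the IP set is created.
function buildSecurityGroupRequest(name, ipSetObjectId) {
  if (!/^ipset-\d+$/.test(ipSetObjectId)) {
    throw new Error("Unexpected IP set object ID: " + ipSetObjectId);
  }
  return {
    method: "POST",
    path: "/api/2.0/services/securitygroup/bulk/" + SCOPE,
    body: "<securitygroup><name>" + xmlEscape(name) + "</name>" +
      "<member><objectId>" + ipSetObjectId + "</objectId></member></securitygroup>"
  };
}
```

In a vRO scriptable task the returned path and body would be handed to the REST host created for the NSX Manager; rejecting anything but a single address keeps the RDP allow rule scoped to the VIP alone.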
Create a XaaS Blueprint with the workflow in vRealize Automation and add it to our Multimachine Blueprint
In this section we want to make sure that the created workflow is run in our Multimachine Blueprint, and that it is run last, after the VMs and Edge Loadbalancer have all been created.
First we go to vRA and go to the Design tab and select XaaS Blueprints.
We create a new XaaS Blueprint and name it: Get Edge LB VIP and add to FW SecPolicy Group.
In the Blueprint we drag the XaaS on to the canvas. Here it is important to drag the bullet and create an arrow to point to the Loadbalancer. This creates a dependency so that the XaaS blueprint is run after the LB is created. To read more about dependencies see this link.
We then save the Blueprint and next go to the catalog tab in vRA and run it.
If we go into our Request and select Execution Information we see the steps being performed, and when all is completed it should show success.
We can also go into our vCenter server and check the NSX Manager and Service Composer to see the modifications and creation of the machines and LB.
First we check the Securitygroup created: we see that the name of the IPSet+EdgeName is a created Securitygroup that includes the IPset.
We then check the IP Sets and see that the IP Set is created with the IP of the Edge Loadbalancer VIP.
Next we go into the Security Policies tab and select the int30 Security Policy.
Here we see the first Firewall rule has been changed and the IPSet-Edge-MultiTierNAT-33db…. Security Group has been added to the Allow LB to RDP to VM rule.
That was it. Last, we can also try an RDP session against the LB VIP and against the VM IP to see the results.
The IP address of the VM is 10.1.30.210 and the Edge LB VIP is 10.1.30.211. We first try to RDP to the VM and see that it doesn’t allow RDP.
Next we try RDP against the LB VIP and it works.
We also do a hostname check on the VM and see that we are in the actual VM behind the Loadbalancer.
The End. Thanx for reading…
Jan 20 2017
Here are my recommendations to pass the exam:
Attend the course NSX: Install, Configure, Manage [V6.2]
Study and follow the Blueprint
Do Hands on Labs and search the documentation for the labs at: http://docs.hol.vmware.com and filter to NSX.
Jan 13 2017
Welcome to my new Blog.
I will focus on delivering things that I myself am experiencing in my daily work as a Virtualization Consultant in Sweden.
My main interests are working with VMware products of different kinds. I tend to focus on the latest and most challenging products that have a future in today’s ever-evolving information age.
I’m a Senior infrastructure consultant and architect with a focus on virtualization and datacenter. Extensive experience in assignments regarding design and technical operation of large datacenter solutions including server, storage and virtualization. I’ve been active in the role of infrastructure architect with the design and implementation of redundant environments based on Windows Server and virtualized environments.
At the moment I’m working for a consultant company in Sweden called Real Time Services. That’s the number one company in Sweden that specializes in VMware.