Installing Group Policy Management on Windows Server 2012 R2

You can install the “Group Policy Management” feature on a Windows Server 2012 R2 server from “Server Manager”: select “Add roles and features”.

If the “Before you begin” page displays, click “Next>”. There is an option at the bottom to “Skip this page by default”; select this first if you don’t want to see this page in the future.

Leave the default of “Role-based or feature-based installation” and click “Next>”.

By default your server will already be selected on the “Server Selection” screen. If it is not, select it and click “Next>”.

Do not select anything at the “Server Roles” screen, simply click “Next>” to move on to the “Features” screen.

At the “Features” screen select “Group Policy Management” and click “Install”.

Posted in Group Policy, Windows 2012 | 1 Comment

Veeam Recovery Plans

I am excited to see that the latest version of Veeam Backup & Replication (v8) includes “Recovery Plans” and “Failover Plans”. I’m looking forward to getting this installed within my lab to see how it compares to VMware’s Site Recovery Manager (SRM), Zerto Virtual Replication and Unitrends ReliableDR (Note: Unitrends acquired phd Virtual in December 2013).

Over the years people have often asked me how Veeam Backup & Replication compares to VMware SRM, or how SRM replication works. My answer has always been that SRM does NOT do any replication and Veeam Backup & Replication and VMware SRM are two completely different products. Yes SRM did used to come bundled with VMware vSphere Replication, but it is a completely different product and is now part of the base ESXi hypervisor package. You do not need SRM to be able to use vSphere Replication to replicate VMs from one site to another. SRM is a failover/recovery automation tool, it does not do any replication itself but relies on other replication processes such as SAN based replication and/or vSphere Replication. Veeam Backup & Replication is a Backup tool and Replication tool for VMs and until v8 did not include the comprehensive recovery automation that SRM provides. I’m unsure how comprehensive the Veeam automation plans are at the moment as I haven’t had chance to look at them yet.

Both Zerto Replication and Unitrends ReliableDR are software technologies which replicate your VMs between sites and provide automation for the recovery at the replicated site. Zerto uses its own replication technology, whereas Unitrends will either use its own replication technology or can interface into SAN based replication as SRM does.

Veeam Backup & Replication v8 says that with the recovery plans you can “plan your entire failover in advance, and initiate it with a single click when needed. You can even do this from your iPad (using the web UI) while lying on a beach” and “Planned failover is now directly integrated into the product. This can be used to facilitate data centre migrations or to perform maintenance work on your production hosts or production site.” This all sounds great and I can’t wait to give it a try to see how it compares with the other solutions available.

Posted in Site Recovery Manager, Veeam, VMware | Leave a comment

VCAP-DCD Experience

I took the VCAP-DCD exam earlier in the year and planned on posting details of my experience after taking the exam but just never got round to it. So here it finally is.

As I design VMware vSphere solutions for a living I thought this would be the easiest of the VCAP exams for me to pass. I didn’t do a lot of study for it. I

There are only a few testing centres in the UK where you can sit this exam and I had to travel 100 miles to my nearest one with a suitable time slot for me to take the exam.

The exam consists of 100 questions of which 6 are Visio type drawing questions. You are told to expect to spend about 20 minutes per Visio type drawing question, so that takes up 1 h 40 of your allowed time of 3 h 45 for this exam, leaving approximately 2 hours for the remaining 94 questions; just over 1 minute per question.

Some of the questions have a lot of reading material. I started my exam by reading everything that I was given in each question, this turned out to be costing me time. So as the exam went on I would find out what each question wanted me to do and then pick out the important information to allow me to answer the question. For example, whether it is a Visio type drawing question or a multiple choice question and you have an option for a Standard Switch or a Distributed Switch then there will be some information in the question text to identify which one you need; it may be that there is a design constraint that the solution must use the existing enterprise licenses or there may be a requirement for Network vMotion. For each question you need to quickly identify the important information; I found that I needed ALL of the time allowed. I got to the last question with 7 seconds remaining, I quickly selected a random answer that sounded like it might be the answer to a question and then tried to read enough of the question to select a more informed answer – I never did get chance to fully digest the question and the time ran out, I don’t know if the answer I had already selected was marked or not.

I did have an issue with one of the Visio type diagrams where all of my elements on the design moved randomly around the screen. I tried to move each one back to the correct places and ensure all the correct connections were in place but it was proving difficult. So I cleared the drawing and started again with it, it only took a few minutes to redraw from scratch as I had already worked out the design but this did cost me valuable time.

I had read reviews previously stating that you couldn’t mark questions for later review or go back through the questions. However, there was the option at the top of each of my questions to mark them for later review. As I never got to the end of the exam I don’t know if I would have been allowed to review the marked questions or not.

I have also read reports about this being a design exam and you don’t need to know the VMware Technology so well, trust me you DO need to understand all of the vSphere features and where and when you would use them. Although there are some things that you should be aware of that are not VMware specific. You should know the following and the difference between them: –

  • RPO
  • RTO
  • MTBF
  • MTTR
  • Requirement
  • Risk
  • Constraint
  • Assumption

As a last tip, I would not recommend drinking a litre of water on the journey to the test centre. I was bursting for the toilet for the last 40 minutes of my exam, I’m not sure what the toilet break policy is but I knew that I didn’t have time to go anyway!

You are given your results immediately the exam finishes and I am pleased to say that I passed on my first attempt. I just wish I had taken the time to do this exam earlier, such as when the VCAP4-DCD exam was available.

Posted in Certification, VMware | Leave a comment

NetApp Announce EVO:RAIL appliance

NetApp is the latest vendor to jump on the EVO:RAIL bandwagon by announcing that they will sell an EVO:RAIL appliance.

They are not getting completely into the server market; they will not start selling servers alone, however you will be able to purchase a hyper-converged EVO:RAIL appliance from NetApp including compute and storage resources bundled with a VMware software stack. See previous article regarding EVO:RAIL for more details about the EVO:RAIL appliance.

NetApp will bundle a 2U NetApp FAS with their EVO:RAIL appliance to add additional storage and their software such as SnapMirror, SnapVault, etc.

Adam Fore, NetApp’s director of solutions marketing, says that the EVO:RAIL appliance will complement their FlexPod joint venture with partners Cisco. They see EVO:RAIL being targeted at smaller environments such as departmental infrastructures, branch offices or specific deployments such as VDI. FlexPod is aimed at enterprise data centres and large environments.

It is expected that the NetApp EVO:RAIL will be available in the first half of 2015.

NetApp Press Release

Posted in VMware | Leave a comment

SRM 5.8

At VMWorld 2014 VMware announced vCenter Site Recovery Manager (SRM) 5.8.

One of the main features this brings is full integration with the vSphere Web Client. Previous versions required the C# client. This has held people back from moving to the Web Client, as they had to use the old C# client to perform any SRM work and therefore stuck with that client. This integration may encourage more people to move to the Web Client.

VMware have improved the recovery performance by reducing the time it takes performing storage tasks. The figures provided by VMware are that an environment with the following

  • 2000 protected VMs
  • 250 protection groups
  • IP customisation of all VMs

would take the following length of time to perform a recovery to the protected site

 

                Total Time          Storage Time
Prior to 5.8    29 hours            17 hours 15 mins
With 5.8        13 hours 53 mins    4 hours 13 mins


As you can see the vast majority of the time savings are in the storage tasks.

Another time saving feature is that now, with SRM 5.8, when you are configuring inventory mappings you have the option to create the reverse mapping, e.g. if you are creating a resource pool mapping from Site-A to Site-B then you can tick a box to get SRM to create the reverse mapping for the resource pool from Site-B to Site-A. This is required if you want bi-directional recovery and for fail-back.

There is also a new IP customisation method where you can map a subnet from the Protected Site to a subnet at the Recovery Site and get SRM to change the IP addresses for you without you having to configure individual VMs. For example you could map 192.168.10.0/24 from the Protected Site to 192.168.20.0/24 at the Recovery Site and SRM would change the IP addresses of the VMs from a 192.168.10.x address to a 192.168.20.x address keeping the last octet of the IP address the same, e.g. changing 192.168.10.55 to 192.168.20.55.

The supported number of protected VMs and concurrent recoveries has been increased in SRM 5.8 as follows: –

 

            Supported Protected VMs    Supported Concurrent Recoveries
SRM 5.5     1,500 VMs                  1,500 VMs
SRM 5.8     5,000 VMs                  2,000 VMs

These limits are not enforced and you can actually configure more, however VMware will only support the above configurations.

To be able to use SRM 5.8 you will need to be running vCenter 5.5 Update 2 at both sites. Your ESXi servers can be running any version from 4.0 upwards (including ESX 4.x).

For new SRM 5.8 implementations there is an option to use an embedded vPostgres database so you no longer have to rely on a SQL or Oracle database.

I have heard a rumour that there is currently a known issue with SRM 5.8 that if your vCenter servers are configured in Linked Mode then if one of them is unavailable you are unable to perform a recovery. The workaround for this is that you disable Linked Mode. So if you are using vCenter servers in Linked Mode then you might want to take this into account. I’m sure that if this is correct then there will be a patch to rectify this issue very soon.

Posted in Site Recovery Manager, VMware | 1 Comment

Private VLAN (PVLAN)

Confused about what a Private VLAN is, as compared to a “normal” VLAN? Hopefully this article will make it all clear.

Why do we need Private VLANs?

VLANs are used to segregate the network. Let’s say you have a simple network where you have split off your backend server network from your end user computing network. Let’s say you have all of your servers on a class C subnet 192.168.1.0 and all of your end user computers on 192.168.2.0. These may be on separate physical network switches, but more likely than not they will run on the same physical switch stack and be separated by the use of VLANs.

Now all of the servers on the server VLAN can talk to all of the other servers on the server VLAN. What happens if someone or something compromises one of your servers? That server then has access to all of the other servers on that VLAN.

Wouldn’t it be better if the servers on the server VLAN could only communicate with the other servers that they need to?

Yes, I hear you say, and yes we could give each server its own VLAN. But there is a limit on the number of VLANs you can have, which is 4096; some network switches support a much lower limit such as 256.

Along come PVLANs

What is a PVLAN?

PVLANs are a way of “chopping” up a VLAN into smaller chunks which may or may not be able to talk to other devices within the same VLAN/PVLAN.

There are 3 types of PVLAN

  • Primary Promiscuous PVLAN
  • Secondary Isolated PVLAN
  • Secondary Community PVLAN

You start off with the source VLAN which becomes the Primary Promiscuous PVLAN and then you can create a number of Secondary PVLANs, either Isolated or Community.

Devices in an Isolated PVLAN can ONLY communicate with devices in the Primary Promiscuous PVLAN. They CANNOT communicate with other devices, even if they are on the same Isolated PVLAN.

Devices in a Community PVLAN can communicate with other devices in the same Community PVLAN and the devices on the Primary Promiscuous PVLAN.

Examples of PVLAN Use

Some of the examples of where PVLANs can be useful are: –

  • End User Computing. When the end user computers are connected to an Isolated PVLAN, each end user device is secured so that it cannot communicate with other end user devices. This would be a good idea for a public WiFi service, where the gateway out to the internet is on the Primary Promiscuous PVLAN and each device connected to the WiFi is on an Isolated PVLAN so that it cannot communicate with other customers’ devices.
  • Backup Network. The backup server would be implemented on the Primary PVLAN with each device needing to be backed up on an Isolated PVLAN, as they only need to be able to communicate with the backup server across the backup network and not the other devices on the backup network.
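
The reachability rules above can be modelled in a few lines to check a PVLAN design before it goes onto a switch. The following is an added example, not part of the original article: the host names, secondary PVLAN IDs and required-flow list are constructed, and it assumes all ports sit in one primary VLAN. It shows which peers each port can reach and flags any allowed flow that the design does not actually need.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import combinations
from typing import Optional


class Kind(Enum):
    PROMISCUOUS = "promiscuous"   # primary PVLAN
    ISOLATED = "isolated"         # secondary PVLAN
    COMMUNITY = "community"       # secondary PVLAN


@dataclass(frozen=True)
class Port:
    name: str
    kind: Kind
    secondary: Optional[int] = None   # secondary PVLAN ID (constructed values)


def can_talk(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two ports in the same primary VLAN."""
    if Kind.PROMISCUOUS in (a.kind, b.kind):
        return True                    # promiscuous ports reach everything
    if Kind.ISOLATED in (a.kind, b.kind):
        return False                   # isolated ports reach promiscuous only
    return a.secondary == b.secondary  # both community: same community only


def reachable_from(port: Port, ports: list) -> list:
    """Names of the peers a given (for example compromised) port can reach."""
    return sorted(p.name for p in ports
                  if p.name != port.name and can_talk(port, p))


def audit(ports: list, required: set) -> tuple:
    """Compare allowed flows with required flows (sets of frozenset pairs).

    Returns (required flows the design blocks, allowed flows nobody asked for).
    """
    allowed = {frozenset((a.name, b.name))
               for a, b in combinations(ports, 2) if can_talk(a, b)}
    blocked = sorted(tuple(sorted(f)) for f in required - allowed)
    excess = sorted(tuple(sorted(f)) for f in allowed - required)
    return blocked, excess


# Constructed backup-network layout: the backup server is promiscuous,
# the web servers are isolated, the database servers share a community.
BACKUP_NET = [
    Port("backup01", Kind.PROMISCUOUS),
    Port("web01", Kind.ISOLATED, 101),
    Port("web02", Kind.ISOLATED, 101),
    Port("db01", Kind.COMMUNITY, 102),
    Port("db02", Kind.COMMUNITY, 102),
]
# Every device only needs to reach the backup server.
REQUIRED = {frozenset(("backup01", n))
            for n in ("web01", "web02", "db01", "db02")}

if __name__ == "__main__":
    for p in BACKUP_NET:
        print(f"{p.name:9} ({p.kind.value}) can reach: "
              f"{reachable_from(p, BACKUP_NET)}")
    blocked, excess = audit(BACKUP_NET, REQUIRED)
    print("required but blocked:", blocked)
    print("allowed but not required:", excess)
```

In this layout the audit reports the db01/db02 pair as allowed but not required: on a backup network those two servers would be better placed on an Isolated PVLAN, as the article recommends.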
Posted in Uncategorized | Leave a comment

VMware EVO:RAIL

At VMworld 2014 in San Francisco VMware announced VMware EVO:RAIL, a hyper-converged infrastructure appliance. There had been rumours of this project over the preceding months under the code name MARVIN and many thought VMware were going to get into the hardware game.

VMware are NOT going to start to sell hardware but instead these appliances will be built by VMware’s qualified partners to VMware’s specifications and delivered with the VMware EVO:RAIL software bundle.

At time of launch the list of qualified partners include: –

  • Dell
  • EMC
  • Fujitsu
  • Supermicro

There are a couple of others that only supply in Asia-Pacific.

Notable exceptions are HP and IBM/Lenovo.

Update: At VMware 2014 Europe in Barcelona HP and HDS both announced that they will also market an EVO:RAIL appliance.

What is hyper-converged infrastructure?

Simply put it combines compute, storage and networking into a simple, easy to deploy all in one solution.

EVO:RAIL is not the first hyper-converged infrastructure. Nutanix and SimpliVity have been doing it for a while now.

So what do you get in the VMware EVO:RAIL appliance?

Each EVO:RAIL appliance is a 2U 4 node hardware platform containing: –

  • 4 independent nodes for compute, network and storage
  • Each node has dual processors and 192GB memory
  • Total of 16TB of SSD and HDD storage via Virtual SAN

Appliances can be combined to build a larger infrastructure; the following diagram shows a 4 appliance 16 node stack.

This sounds like an exciting product, with a single appliance and four appliances scaled out estimated to run the following workloads:

 

                               Per Appliance    4 Appliances Scaled Out
Server VMs                     ~100             ~400
VMware Horizon View Desktops   ~250             ~1000
Virtual SAN datastore          13.1 TB          52.4 TB

 

The software stack supplied with EVO:RAIL of course includes vSphere and vSAN but also a management interface to speed up the deployment and management of these appliances. A contest at VMware 2014 Europe got the conference attendees to see how quickly they could configure an EVO:RAIL appliance and create the first VM on it. The winning time was 15 minutes. Yes, 15 minutes to get a 4 node vSphere infrastructure up and running and a VM deployed.

There is talk of a “big brother” to EVO:RAIL named EVO:RACK which will be a full rack of hyper-converged infrastructure.

Posted in VMware, vSphere | 1 Comment

VCP5-DCV Recertification

Today, 1st October 2014, VMware released a cut down VCP recertification exam.

As you all should know, your VMware Certified Professional (VCP) certification now has an expiry of two years after you took it. You can extend its validity by taking another VMware Certification such as one of the VCAP certifications or a VCP in a different solution track, e.g. VCP-Cloud if you currently hold VCP-DCV.

This new “recertification” exam is called VCP5-DCV Delta Recertification Exam. It only tests you on the differences between vSphere 5.0/5.1 and 5.5, is online like the VCA exams so you can do it from anywhere and is cheaper than sitting the full VCP5-DCV exam again.

It is targeted for people who took their VCP5-DCV exam before March 10, 2013 (the date the new expiry rules came into force) and have not taken a further VCP or VCAP exam.

It is only available until the end of November 2014. So if you need to recertify get it quick. More details can be found here https://mylearn.vmware.com/mgrReg/plan.cfm?plan=51919&ui=www_cert including the blueprint and the link to request authorisation to take the exam (like all VMware exams you now need to request authentication from VMware before you can schedule the exam at Pearson VUE).

Posted in Certification, VMware, vSphere | 2 Comments

Editing vCenter VM Settings with Hardware Version 10

When using vSphere 5.5, if you upgrade your vCenter server to VM Hardware Version 10 then you will only be able to edit it via the vSphere Web Client. If the setting you need to edit requires the VM to be powered down then you will not be able to use the vSphere Web Client, as it requires the vCenter Service to be up and running.

Prior to VM Hardware version 10 once the vCenter VM is powered down you would connect your traditional C# vSphere Client directly to the ESX(i) host the vCenter VM is hosted on and then edit the settings. This is no longer possible with VM hardware version 10.

One option is to use PowerCLI, for example if you wanted to increase the memory on the vCenter VM and it is not configured for Hot-Add then you can use the following commands:

Connect-VIServer <esx-host-vcenter-vm-is-running-on>
Set-VM <vCenter-VMName> -MemoryMB <New-Amount-of-Memory-in-MB>

For example if your powered down vCenter VM is called vCenter01 and is hosted on esxi01 and you want to increase the amount of memory to 12GB you would use the following commands

Connect-VIServer esxi01
Set-VM vCenter01 -MemoryMB 12288

If you wanted to increase the CPUs to 4 you can use the following PowerCLI command after you have connected to the esxi host

Set-VM vCenter01 -NumCPU 4

While your vCenter server is down I would recommend configuring it for Hot-Add CPU and Memory using the following PowerCLI commands

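# Build a reconfiguration spec that enables memory and CPU hot-add
$VM = Get-VM vCenter01
$hotadd = New-Object VMware.Vim.VirtualMachineConfigSpec
$hotadd.memoryHotAddEnabled = $true
$hotadd.cpuHotAddEnabled = $true
# Apply the spec to the powered-down vCenter VM
$VM.ExtensionData.ReconfigVM_Task($hotadd)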

If you have VMware Workstation then another option is to use that to edit the settings. Within VMware Workstation 10 you have an option on the home screen to “Connect to a Remote Server”, use this to connect to the ESXi server your powered down vCenter VM is hosted on and then you will be presented with a list of virtual machines running on this host. You can then edit the settings of the powered down vCenter Server.

Posted in Configuration, PowerCLI, VMware, vSphere | Leave a comment

Moving a VMFS Volume to a Different Site

Recently I wanted to copy a VMFS volume from one site to another but the VMFS volume did not automatically mount at the new site.

Using my storage array’s replication technology I replicated the LUN (containing an existing VMFS Datastore) from site A to site B, broke off the replication to make the LUN at site B writable and mapped the LUN to the ESXi hosts at Site B. When I then performed a rescan for Datastores at Site B I was expecting the Datastore to appear, however it never did. The LUN was detected by each of the ESXi hosts at Site B as I could see it when looking at the devices detected via the storage adapters.

To mount the datastore at site B I had to resort to the command line, either by SSH to the ESXi host or via the Remote CLI

From a SSH session on the ESXi host run the following commands:

esxcfg-volume -l

This lists the volumes that have been detected as snapshots/replicas and therefore did not mount.

You can then persistently mount the volume by using the following command with the UUID of the volume as displayed in the previous command

esxcfg-volume -M <UUID>

Note that it needs to be a capital “M”, as a lower case “m” will perform a temporary mount of the datastore, not a persistent mount; a temporarily mounted datastore will no longer be mounted following a reboot of the host.

Here is an example of where I have run the command from a host

You need to repeat this on all of the ESXi hosts at site B.

From the Remote CLI use the vicfg-volume.pl commands instead of esxcfg-volume and specify the ESXi host you want to run the command against, i.e.

vicfg-volume.pl --server <esxi-host> -l

vicfg-volume.pl --server <esxi-host> -M <UUID>

When you run these commands you will need to specify a username and password to connect to the ESXi hosts, e.g. root. Here is an example.

You can also connect to the vCenter server and provide a vCenter administrator username and password instead of connecting directly to the ESXi host when using vicfg-volume.pl. When doing this you also need to specify the ESXi host you want to run the command on with the --vihost parameter. Note: you need to specify the ESXi host as it is listed in the vCenter inventory, e.g. if it is listed with the fully qualified domain name you need to specify this on the --vihost parameter, e.g.

vicfg-volume.pl --server <vcenter-server> --vihost <esxi-host> -l

vicfg-volume.pl --server <vcenter-server> --vihost <esxi-host> -M <UUID>

Although I found that I could only do this for the first host and when I attempted to mount the Datastore on subsequent hosts I get the error message

A VMFS volume with the same UUID ‘<UUID>’ is already mounted in the datacenter.

e.g.

So I reverted back to connecting directly to the ESXi host with vicfg-volume.pl.

Note: there is no -m option on vicfg-volume.

Posted in VMware, vSphere | Leave a comment