virtuallyGhetto

NSX-T Policy PowerShell Community Module for VMC

09/21/2018 by William Lam Leave a Comment

Earlier this week I had published an article on how to get started with the new NSX-T Policy API in VMware Cloud on AWS (VMC), if you have not read through that guide yet, I recommend you take a look at that first as this covers the prerequisites which will be required. As mentioned in that article, I planned to add a few more NSX-T Policy API examples and now the community NSX-T Policy PowerShell includes 10 additional functions which you can see the complete list below:

Connect-NSXTProxy
Get-NSXTFirewall
Get-NSXTGroup
Get-NSXTSegment
Get-NSXTService
New-NSXTFirewall
New-NSXTGroup
New-NSXTSegment
New-NSXTService
Remove-NSXTFirewall
Remove-NSXTGroup
Remove-NSXTSegment

After importing the module, to see the list of all functions, you can run the following command:

Get-Command -Module VMware.VMC.NSXT

Create vCenter Alarms for monitoring HCX migration events

09/20/2018 by William Lam Leave a Comment

With the Hybrid Cloud Extension (HCX) solution, customers can migrate workloads immediately or have them scheduled at a later date and time of their choosing. Most customers will most likely not migrate all their workloads at once, but instead migrate them in different phases or waves based on their own internal schedules. The HCX "Migration" tab in the vSphere Client is a great place to get an overview of all the active, failed, planned and completed migrations and you can get additional details for each migration such status, percentage, amount of data transferred, etc.

Having said that, you probably also do not want to just sit there and constantly watch for progress, especially if something fails. The good news is that HCX already includes some default vCenter Alarms that are generated when a migration fails. There is one for vMotion/Cloud Motion, Cold Migration as well as Bulk Migration and currently these alarms only trigger a UI indication that something is wrong using the red critical icon on the VM in question.

Since these are vCenter Alarms, you also have the option of adding additional actions such as sending an email alert to a particular user or group, an SNMP trap which can then be monitored by your operations team or even run a command within the vCenter Server. Simply updating the default alarm which is defined at the vCenter Server level, you can proactively get notified when an HCX migration fails without having to constantly watch the UI. You may have also noticed the alarm definition is using a numeric ID which is highlighted in the screenshot above. This maybe useful if you wish to leave the default alarms alone and create a brand new alarm, you just need to use those IDs.

Another useful scenario to consider is getting notifications for a successful migration which can then help with transitioning users to the new VM running on VMC or even trigger automated VM and application verification before end users are even notified. Along these similar lines, you can imagine another scenario to consider is with using Bulk Migration and/or Cloud Motion with vSphere Replication. Both methods initially start off by replicating the VM's data from the source vCenter Server to the destination vCenter Server and then either a Cold Migration or vMotion is performed based on the configured scheduled.

vMotion across different VDS version between onPrem and VMC

09/19/2018 by William Lam 6 Comments

For those of you who have attempted a vMotion (whether that is within a vCenter Server or between different vCenter Servers (including across SSO Domains), if the VM is running on a Distributed Virtual Switch (VDS) and the version of the VDS is not the same between the source and destination (VDS 6.5 to VDS 6.7), the operation will fail with the following error message (UI and API):

Currently connected network interface 'Network adapter 1' cannot use network 'DVPG-VM-Network (VDS-67)', because the destination distributed switch has a different version or vendor than the source distributed switch.

This behavior is no different on VMware Cloud on AWS (VMC) or at least, I thought it was, until I recently learned about a really neat feature that was introduced in the VMC 1.4p2 release, here is a snippet from the release notes:

Cross VDS version vMotion Compatibility
With this advanced configuration option enabled, bi-directional vMotion between on-premises and VMware Cloud on AWS can be achieved across different virtual distributed switch (VDS) versions (greater than or equal to version 6.0). This must be enabled on the on-premises vCenter.

It turns out there is actually a way to allow vMotions across different VDS versions, this is important for VMC because the software stack will always be using a newer version than what we ship to our onPrem customers. However, due to this limitation, we could not benefit from the latest VDS version but had to default it to VDS 6.0 to ensure that customers could migrate their workloads. The advanced setting mentioned in the release notes allows us to disable the strict compatibility check which is performed on the destination vCenter Server when a vMotion is initiated, this setting is now enabled by default on the VMC vCenter Server which is why you can perform migration across different VDS without having to do anything special on your onPrem vCenter Server.

Getting started with the Hybrid Cloud Extension (HCX) APIs

09/18/2018 by William Lam Leave a Comment

VMware Hybrid Cloud Extension (HCX) is the de facto VMware solution when it comes to Enterprise scale workload migration whether that is from onPrem to onPrem or from onPrem to Cloud, including our VMware Cloud on AWS (VMC) offering. In fact, one of the most popular use cases for HCX right now is datacenter evacuation/consolidation and customers are migrating their workloads to VMC because they want to get out of the business of running datacenters and get back to running their core business. This is especially attractive for customers wanting to expand to new markets without requiring the need of new datacenters. This makes a ton of sense, especially when you go beyond the initial CapEx, its the on-going OpEx costs that folks may not always be thinking about immediately and being able to easily scale up or down is not always possible for most onPrem environments.

HCX already provides a rich UI interface within the vSphere Client for scheduling migrations including the new Cloud Motion with vSphere Replication feature which was announced at VMworld US 2018.

However, it should come as no surprise that our customers are also interested in Automation, especially as it can help expedite migrations and remove potential user error, especially around mapping the destination networks which can be quite daunting for a large number of migrations. The good news is that HCX provides a Restful API that allows customers to automate all aspects of HCX including the HCX VAMI UI for initial configuration as well as consuming the HCX services which are exposed in the vSphere UI.

How to unregister Hybrid Cloud Extension (HCX) from your onPrem vCenter Server?

09/17/2018 by William Lam 1 Comment

I recently had to redeploy my Hybrid Cloud Extension (HCX) setup on my onPrem vCenter Server as a newer version had been released since the last time I had looked at this which was some time last year. I had already deleted my HCX Manager and cleaned up the other HCX VMs but one thing that is not handled for you currently are the extension plugins that HCX uses to register with vCenter Server, which is no different than any other solution that integrates with vCenter Server.

Today, the only easy way to unregister an extension is to use the vSphere MOB, which I have blogged about in the past here. As you can see from the screenshot below, HCX has a number of plugins and because this is done by hand, its entirely possible that you may accidentally unregister the wrong extension which could severely impact your vCenter Server.

To help reduce that risk, an alternative and recommended method is to simply use the vSphere API (which is exactly what the vSphere MOB is talking to) and specifying the specific extensions to unregister. Below is a quick PowerCLI snippet which talks to the vSphere API and unregisters the 8 extensions related to HCX. After this, if you are still logged into the vSphere Client, you simply need to logout and log back in for the UI components to go away. If you are still seeing the UI plugins, you may need to restart the vSphere Client service.

$extensionManager = Get-View $global:DefaultVIServer.ExtensionData.Content.ExtensionManager

$hcxExtensions = @(
    "com.vmware.hybridity"
    "com.vmware.hybridity.dr"
    "com.vmware.hybridity.hcsp-dashboard"
    "com.vmware.hybridity.publisher"
    "com.vmware.hybridity.troubleshooting"
    "com.vmware.hybridity.fleet-deployment-ui"
    "com.vmware.hybridity.auditlog-ui"
    "com.vmware.hcsp.alarm"
)

foreach ($hcxExtension in $hcxExtensions) {
    $extensionManager.UnregisterExtension($hcxExtension)
}

$extensionManager = Get-View $global:DefaultVIServer.ExtensionData.Content.ExtensionManager

$hcxExtensions = @(

"com.vmware.hybridity"

"com.vmware.hybridity.dr"

"com.vmware.hybridity.hcsp-dashboard"

"com.vmware.hybridity.publisher"

"com.vmware.hybridity.troubleshooting"

"com.vmware.hybridity.fleet-deployment-ui"

"com.vmware.hybridity.auditlog-ui"

"com.vmware.hcsp.alarm"

)

foreach ($hcxExtension in $hcxExtensions) {

$extensionManager.UnregisterExtension($hcxExtension)

}

Once the HCX extensions have been removed, you can now download the new HCX Manager appliance from the VMC portal and redeploy.

Getting started with the new NSX-T Policy API in VMC

09/17/2018 by William Lam Leave a Comment

Today, when you deploy a new SDDC on VMware Cloud on AWS (VMC), it is based on NSX-V by default, nothing ground breaking. However, customers also have the option to request an NSX-T based SDDC, which actually came as a surprise to a couple of folks who I spoke with at VMworld. Back in August, Early Access for NSX-T based SDDC was announced and customers can take advantage of the additional networking and security capabilities provided by NSX-T within VMC. Humair Ahmed who works over in our Networking & Security Business Unit has an excellent blog post here that goes into more details. If you are interested in an NSX-T based SDDC, please reach out to your local VMware account team for more information.

Upon first glance, you might think that this is the exact same version of NSX-T that we have been shipping to our on-premises customers but in fact, it is actually a brand new and improved version. Similar to vSphere (vCenter and ESXi) and VSAN, VMC is always running a newer version of our software than our on-prem customers. One immediate difference that you should be aware of when using NSX-T in VMC is that the current NSX-T API is not available and instead a new NSX-T Policy API has been introduced to help simplify the consumption of NSX-T. All functionality in the current on-prem NSX-T API can be consumed using the new Policy API.

At VMworld, I spoke to a number of current and upcoming customers with NSX-T based SDDCs and they were really interested in using the new NSX-T Policy API and as the title of this blog post suggests, this will be a quick primer on how to do that. Before we get started, confirm that you have an NSX-T based SDDC deployed. If you are not sure, there are a few ways to determine this using either the VMC Console UI or API, instructions can be found here and here.