virtuallyGhetto

ESXi Native Driver for USB NIC Fling

02/12/2019 by William Lam 17 Comments

Today, I am very excited to announce a new Fling that I have been working on which is a Native Driver for ESXi that will enable support for three of the most popular USB network adapter chipsets found in the market today. The ASIX USB 2.0 gigabit network ASIX88178a, ASIX USB 3.0 gigabit network ASIX88179 & the Realtek USB 3.0 gigabit network RTL8153. This effort had initially started back in 2016 as a side project with Songtao, a VMware Engineer who works on our USB stack for ESXi. Based on the enormous amount of feedback from the community as well customer Production use cases, this side project evolved into the development of a full fledge Native Driver for ESXi.

This Fling is more than just adding additional network interfaces for vSphere Home Labs, which is definitely a use case, but it is also about enabling new and future computing platforms that may not always have the traditional network connectivity that we have come to expect. Today, ESXi supports a number of high-end network controllers (10G/40G/100G) designed for Enterprise Data Centers that include advanced networking & low latency features. As more & more workloads appear at the Edge like IoT, point-of-sales & remote office use cases, the traditional networking solutions may no longer meet the needs of these new infrastructures.

For Edge computing environments, reducing the cost & power consumption is definitely one of the driving factors. However, with some of these platforms, their form factors can make it difficult or impossible to support traditional high-end network controllers. Luckily, there are a number of options for network adapters in the market but is can also be difficult to support them all.

USB has become one the most widely adopted connection type in the world & USB network adapters are also popular amongst Edge computing platforms. In some platforms, there is either limited or no PCI/PCIe slots for I/O expansion & in some cases, an Ethernet port is not even available. This Fling will hopefully help enable some of these Edge use cases today and with the help of the community and feedback, we can see how this can be enhanced or evolved over time including where it could even be part of the ESXi distribution.

Another use case for USB-based network adapters as mentioned earlier are for vSphere Home Labs, platforms like the Intel NUC or Apple Mac Mini have limited number of built-in Ethernet ports, but plenty of USB & USB-C ports which can enable these platforms with additional networking capabilities. These systems could also be potential Edge platform candidates given the right connectivity.

For download and instructions, please visit https://labs.vmware.com/flings/usb-network-native-driver-for-esxi

Creating vCenter Alarms based on Task Events such as Folder creation

02/11/2019 by William Lam 3 Comments

The vCenter Server Events sub-system is an incredibly rich and powerful interface that enables customers to monitor, alert and even trigger additional actions based on a particular event. One such example that I have written about before is to key off of a VM provisioned event and automatically apply security hardening settings when the VM is created or cloned. This can be useful if customers are not taking advantage of VM Templates or if a VI Admins manually creates a VM from scratch, you can still ensure you have a compliant VM deployment through the use of Automation. You can either poll for the VM created event and then execute a script as shown in this example or you can automatically trigger a remote action by generating an SNMP trap when the event actually occurs.

The possibilities are truly endless on what you can do with vCenter Events and for the complete list of all Event types, you can refer to the vSphere API documentation here. One thing to be aware of is that not every operation within vCenter Server generates an Event, one example of this is when a Folder object is created or deleted. You can use vCenter Server Tasks sub-system to query for this info but there is not a respective vCenter Event that you can key off of to generate an Alarm for example. This was something I had noticed myself and assumed it was a limitation of the platform or feature teams that publish VC Events.

Recently, this question came up again from a customer who was looking for a way to trigger an alarm every time a VM Folder was created. I took another look at this and came to learn about a more generic type of Event that can be used to create an Alarm for such use cases where a native VC Event may not exists called a Task Event.

How to retrieve the NSX-T Overview Info (SDDC Public IP, Appliance & Infra Subnet, etc.) in VMC?

02/08/2019 by William Lam Leave a Comment

I recently a question from one of our VMware Cloud on AWS (VMC) field folks who was looking to programmatically retrieve the SDDC Public IP Address which is shown under the NSX-T Networking & Security Overview page within the VMC Console as shown in the screenshot below.

This actually had me stumped for a bit as I was not able to find anything mentioned in the NSX-T Policy API documentation. My last resort before pinging the NSX Engineers was to use one of my favorite browser tool, Chrome Developer Tools, which allows me to inspect all requests made to a specific web page and can also be helpful in figuring out which REST APIs the UI is using.

It turns out for this particular page, the information was not actually coming from the NSX-T Policy API but rather from another endpoint and specifically /cloud-service/api/v1/infra/sddc-user-config which I am guessing has to do with the fact that some of this information is really AWS specific information such as the Public IP Address for example. In any case, once I realized what the endpoint was and that I could still use the VMC NSX-T Reverse Proxy to retrieve the details, it was pretty straight forward.

Common PowerCLI examples for VM Provisioning in VMware Cloud on AWS

02/07/2019 by William Lam Leave a Comment

One of the huge benefits of VMware Cloud on AWS (VMC) is not only the ability to extend your existing on-premises environment and tap into the potentially unlimited capacity of the Cloud, but customers can continue to use the existing tools and scripts that they are already familiar with. When it comes to Automation, PowerCLI is still by far the most popular tool that our customers uses on a regular basis. With VMC, this is no different as the SDDC is simply made up of vSphere, vSAN and NSX which PowerCLI fully supports.

One learning curve that I have seen for some customers when working with VMC is around general provisioning and the implication of the restrictive permission model in VMC. Unlike your on-premises vSphere environment, in VMC, you are no longer running as a vSphere Administrator but rather a Cloud Administrator. This simply means you no longer have to worry about managing the underlying infrastructure (patch, upgrade, monitor, etc) and you get to focus deploying and managing your workloads.

What this technically translates to is that you are restricted to a particular part of the vSphere Inventory where you have permissions to actually deploy workloads. This is to help isolate your workloads and ensure that you do not negatively impact the VMware Management VMs by accident and thus affecting your SDDC.

From the Hosts/Clusters view, you must use the Compute-ResourcePool
From the VM view, you must use the Workloads Folder
From the Datastore view, you must use the WorkloadDatastore

When using the vSphere UI to deploy new workloads, the UI does a really good job of guiding you towards the right inventory objects, but this may not always be apparent when using the CLI or API, especially for new folks or folks who never use the UI 😉

Using NSX-T Policy API to retrieve the Routing Table in VMC

02/04/2019 by William Lam Leave a Comment

When configuring connectivity from your on-premises environment to your VMware Cloud on AWS (VMC) NSX-T SDDC, you can either use a Direct Connect (DX) or a Route/Policy-based VPN. During the configuration, it can really be useful to have insights into the network routing table, especially if you need to verify a specific route or for general network debugging. Today, the NSX-T routing table in VMC is not currently available in the Network and Security UI, however this information can be retrieved using the NSX-T Policy API, which I have written about quite extensively here, here, here and here.

The NSX-T routing table can be retrieved by performing a GET operation on /policy/api/v1/infra/tier-0s/vmc/routing-table?enforcement_point_path=/infra/deployment-zones/default/enforcement-points/vmc-enforcementpoint By default, you will get the entire routing table, but you also filter out specific route sources such as BGP, Static or Connected routes by appending the following query parameter to the request URL ?route_source={BGP,CONNECTED,STATIC}

To demonstrate how this API works, I have created a new function in my VMC NSX-T PowerShell Module as well as a quick shell script sample using cURL.

For PowerShell/PowerCLI users, I have a new Get-NSXTRouteTable function which will list the entire routing table by default as shown in the screenshot below.

You can also filter on a specific route source such as BGP, CONNECTED or STATIC routes by simply providing the -RouteSource argument and the route source type. In the screenshot below, I am only interested in the BGP routes.

Here is the output when running the list_vmc_nsxt_route_table.sh script which requires a valid CSP Refresh Token, OrgId and SDDCId

Building your own Virtual Appliances using OVF properties Part 1

02/01/2019 by William Lam 3 Comments

This has been a topic I have been wanting to write about for quite some time, especially as I get asked about this on fairly regular basis from both partners and customers. I normally point folks over to our official Virtual Appliance (VA) authoring tool, VMware Studio which includes a number of development resources to help get started. Studio is used by many of our partners when creating their VA offerings, although it may not be the easiest thing to get started with, it does provide a complete end-to-end solution.

Most recently, I found myself building out a couple of VAs for my own day to day use, including a custom PhotonOS OVA that allows me to configure a static network address during deployment through the use of custom OVF properties. The official PhotonOS OVA that VMware ships does not provide this option and automatically defaults to DHCP. If you want to setup a static IP Address, you would need to first deploy the VM and then login to the console or SSH (if you have DHCP enabled) and then manually update the networking settings.

For my use case, Studio was going to be overkill and not to mention it may not even support PhotonOS or other modern OSes in general. However, everything that is needed to build your own VA is actually available right in vCenter Server. This was the perfect opportunity and excuse for me to finally document *my* process, in case it can help others wanting to do the same, especially for a home lab setup. In Part 1, I will take you through the two important concepts of building your own VA and then in Part 2 and Part 3, we will take a look at building both a Linux and Windows VA. I will also publish a reference Linux and Windows implementation so that you can use that as a basis to build your own VA, which is not limited to just Linux or Windows, it can be ANY GuestOS that vSphere supports.